Bug Bounty & Crowd-Sourced Cyber Security

Uploaded on 2021-02-05 in TECHNOLOGY--Hackers, FREE TO VIEW

The technology sector was the first market to adopt the crowd-sourced security model and continues to be the most important user in the market, followed by the finance and insurance sectors. The Coronavirus pandemic has dramatically accelerated the growth of crowd-sourcing in other sectors and to cope with the crisis, many organisations are reinventing  their operating models by digitising their activities. 

Given the growing importance of cyber security in the economic survival of companies, an increasing number of Chief Information Security Officers (CISOs) are turning to Bug Bounty programs and buying the services offered by ethical hackers

YesWeHack one of Europe's leading bug bounty platform, has announced exponential growth in Europe, with turnover growing by 100% in 2020.  During the same period, the number of completed bug bounty programs increased by 120% and the volume of identified vulnerabilities more than doubled.

In terms of the types of vulnerabilities detected, YesWeHack notes that the evolution of technologies has led to a slight but constant increase in vulnerabilities. 

These result from poor implementation or design flaws and access control that reduce the number of technical vulnerabilities in corporate networks and this trend is expected to increase as the trend towards hardening of the development of networks frameworks continues.

One reason for the popularity of the YesWeHack platform among ethical hackers can be attributed in part to the efficiency of the programs and the speed of payment. During 2020, for example, 55% of vulnerabilities were paid for less than one week after the report was submitted, furthermore. nearly 90% were paid within 28 days. It can be lucrative too - the biggest bonus paid to a YesWeHack hunter in 2020 was €10,000.

The time it takes to resolve vulnerabilities has also dropped significantly.T he average resolution time in 2020 was 44 days compared to 109 days in 2019. In addition, almost 70% of the vulnerabilities detected in 2020 by YesWeHack researchers were fixed within 28 days of acceptance. This increase can be attributed in part to the progressive integration of Bounty Bug within the software development lifecycle.

Ethical Hackers will play a central role in 2021 as many user organisation's understanding of the strategy has improved. An increasing number of them are finding the confidence to put crowd-sourced security into the mix  as a key component of their cyber security strategy.  

The attack surface is also likely to broaden as remote working and longer supply chains increase the number of vulnerable endpoints. Organizations cannot guarantee the security of their growing volume of third-party interactions, such as with logistics, customers, suppliers, service providers, and finance. “These interactions rapidly increase a company's attack surface and complicate the security of their digital footprint. Left unchecked, these new exposures can quickly become the target of future cyber-attacks.” commented Romain Lecoeuvre, CTO of YesWeHack.
 
As digital transformation quickly spreads across private and public sector organisations, it seems likely that ethical hackers will have a vital   role to play, with a significant adoption of the services that  firms like YesWeHack, Bugcrowd, HackerOne and others can offer in terms of speed, expertise and risk reduction. 
 

ZScaler:        Crowd Sourcing Week:       Bugcrowd:          YesWeHack:          HackerOne

You Might Also Read: 

Ethical Hackers Have Earned  $100m:

 

« Amazon Phishing Emails
Webinar: Architect a security-driven networking strategy in the AWS Cloud »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

CERT-UG/CC

CERT-UG/CC

CERT-UG/CC is the national Computer Emergency Response Team for Uganda, operating under the National Information Technology Authority (NITA-U)

Exprivia

Exprivia

Exprivia is active in the design, development and integration of IT systems including cyber security.

MaskTech

MaskTech

MaskTech supplies highest security embedded chipsets, operating systems and related middleware for electronic identification cards, travel documents and authentication solutions.

Callsign

Callsign

Callsign’s mission is to seamlessly power the identification of every web, mobile and physical interaction.

CyberASAP

CyberASAP

CyberASAP provides expertise, knowledge and support to convert academic ideas into commercial products in the cyber security space.

Crosspring

Crosspring

Crosspring is an incubator/accelerator for people who have the ambition to start a successful business or want to extend their existing business in the areas of FinTech, AR, VR, Cybersecurity and SaaS

Rede Nacional CSIRT

Rede Nacional CSIRT

Rede Nacional CSIRT is a national network of CSIRTs in Portugal aimed at cooperation and mutual assistance in the handling of incidents and in the sharing of good security practices.

Avancer Corporation

Avancer Corporation

Avancer Corporation is a multi-system integrator focusing on Identity and Access Management (IAM) Technology. Founded in 2004.

Sectyne

Sectyne

Sectyne is a full-stack cyber consultancy committed to providing tailored services, advisory consultations, and training.

Kingston Technology

Kingston Technology

Kingston is a leading global manufacturer of memory and storage solutions including encrypted storage solutions to protect data inside and outside the firewall.

Techsolidity

Techsolidity

Techsolidity is an emerging e-learning platform that offers a wide range of upskilling programs worldwide in areas including cybersecurity.

Plex IT

Plex IT

Plex IT provides managed IT services to organisations along with managed security services.

Aeries Technology

Aeries Technology

Aeries is a technology services organization offering capabilities in Technology Services, Digital Transformation, and Business Process Management.

Quarkslab

Quarkslab

Quarkslab is a dedicated team of cyber-security engineers and developers. We aim at forcing the attackers, not the defender, to adapt constantly.

Universal Technical Resource Services (UTRS)

Universal Technical Resource Services (UTRS)

UTRS is a technology firm that delivers a wide range of engineering, technical, strategic, and digital services to the public and private sectors.

Auraya

Auraya

Auraya develops its next generation voice biometric AI to deliver easy-to-use and highly secure speaker recognition and fraud detection capabilities.