Bug Bounty & Crowd-Sourced Cyber Security

The technology sector was the first market to adopt the crowd-sourced security model and continues to be the most important user in the market, followed by the finance and insurance sectors. The Coronavirus pandemic has dramatically accelerated the growth of crowd-sourcing in other sectors and, to cope with the crisis, many organisations are reinventing their operating models by digitising their activities.

Given the growing importance of cyber security in the economic survival of companies, an increasing number of Chief Information Security Officers (CISOs) are turning to Bug Bounty programs and buying the services offered by ethical hackers.

YesWeHack, one of Europe's leading bug bounty platforms, has announced exponential growth in Europe, with turnover growing by 100% in 2020. During the same period, the number of completed bug bounty programs increased by 120% and the volume of identified vulnerabilities more than doubled.

In terms of the types of vulnerabilities detected, YesWeHack notes that the evolution of technologies has led to a slight but constant increase in vulnerabilities. 

These result from poor implementation or design flaws and access control that reduce the number of technical vulnerabilities in corporate networks, and this trend is expected to increase as the trend towards hardening of the development of network frameworks continues.

The popularity of the YesWeHack platform among ethical hackers can be attributed in part to the efficiency of the programs and the speed of payment. During 2020, for example, 55% of vulnerabilities were paid for less than one week after the report was submitted. Furthermore, nearly 90% were paid within 28 days. It can be lucrative too - the biggest bonus paid to a YesWeHack hunter in 2020 was €10,000.

The time it takes to resolve vulnerabilities has also dropped significantly. The average resolution time in 2020 was 44 days compared to 109 days in 2019. In addition, almost 70% of the vulnerabilities detected in 2020 by YesWeHack researchers were fixed within 28 days of acceptance. This improvement can be attributed in part to the progressive integration of Bug Bounty within the software development lifecycle.

Ethical hackers will play a central role in 2021 as many user organisations' understanding of the strategy has improved. An increasing number of them are finding the confidence to put crowd-sourced security into the mix as a key component of their cyber security strategy.

The attack surface is also likely to broaden as remote working and longer supply chains increase the number of vulnerable endpoints. Organizations cannot guarantee the security of their growing volume of third-party interactions, such as with logistics, customers, suppliers, service providers, and finance. “These interactions rapidly increase a company's attack surface and complicate the security of their digital footprint. Left unchecked, these new exposures can quickly become the target of future cyber-attacks,” commented Romain Lecoeuvre, CTO of YesWeHack.
 
As digital transformation quickly spreads across private and public sector organisations, it seems likely that ethical hackers will have a vital role to play, with a significant adoption of the services that firms like YesWeHack, Bugcrowd, HackerOne and others can offer in terms of speed, expertise and risk reduction.
 

ZScaler: Crowd Sourcing Week: Bugcrowd: YesWeHack: HackerOne
