Connect with us

Data security

Software Vulnerabilities Up by 20% in 2021



nxtalpha aggregator

Software Vulnerabilities Up by 20% in 2021

Software vulnerabilities increased by 20% in 2021 compared with 2020, according to a new report by HackerOne.

The bug bounty platform said its hackers had uncovered over 66,000 valid vulnerabilities this year, while hacker-powered pentests detected a 264% rise in reported vulnerabilities in 2021 compared to 2020. Additionally, there was a 47% increase in vulnerabilities detected by Vulnerability Disclosure Programs.

The surge in vulnerabilities has partly been driven by the increase in organizations adopting hacker-powered security testing programs, according to the report. For example, there was a 62% increase in financial services programs and an 89% rise in government programs, including a bug bounty challenge by the UK’s Ministry of Defence.

HackerOne said another factor is the expansion of attack surfaces brought about by digital transformation and cloud migration during the pandemic.

The most commonly discovered bug was cross site scripting, as it was in 2020. However, there were significant increases in reports of information disclosure (58%) and business logic errors (67%). Of all the vulnerabilities reported, 26% were considered critical, 36% medium severity, and 34% low severity.

Encouragingly, the median time to resolution fell by 19%, from 33 days in 2020 to 26.7 days in 2021 across all industries. Retail and e-commerce even saw time-to-remediation drop by more than 50% in this period.

The report also found that the median price of a critical bug rose by 20%, from $2500 in 2020 to $3000 in 2021. Additionally, the average bounty price for a critical bug rose by 13% and by 30% for a high severity rated bug this year.

Chris Evans, CISO and chief hacking officer at HackerOne, commented: “Even the most conservative organizations are recognizing the power of the outsider point of view.

“We’ve continued to see high growth in the financial services sector, for example. Measuring and quantifying risk is their business, and they’re seeing that both risk and business outcome is better if they embrace hackers. Across the board, we’re seeing customers using vulnerability report data to inform their software development lifecycles. Organizations are catching issues earlier, and remediating them, at greatly reduced cost by focusing on improvements to developer education, source code integrations, and development frameworks.”

Continue Reading



Public Companies Hold A Combined $11.8 Billion Worth Of BTC On Their Balance Sheet – See The Leading Firms

Crypto Mining3 weeks ago

Aliyu Pokima Publicly traded companies went all-in on Bitcoin in 2021 led by Michael Saylor’s MicroStrategy.Other firms on the list...

Indian Regulator SEBI Wants Mutual Funds to Stay Away From Crypto Investments Until Legislation Is Finalized

Crypto Mining3 weeks ago

Kevin Helms The Securities and Exchange Board of India (SEBI) has reportedly asked mutual fund companies not to get involved...

XRP Creator Chris Larsen Proposes Strategy To Incentivize Bitcoin Miners To Move Away From Proof-of-Work

Crypto Mining1 month ago

Brenda Ngari XRP inventor and Ripple executive chairman Chris Larsen has unveiled a plan to entice miners of the flagship...

Iceland Refuses to Power New Bitcoin Farms Amid Electricity Shortages

Crypto Mining1 month ago

Lubomir Tassev Cryptocurrency mining is among several energy-intensive industries hurt by a power deficit in Iceland. The country’s main utility...

Public Bitcoin Miners Are Increasing Their BTC Treasuries

Crypto Mining2 months ago

Dylan LeClair And Sam Rule Publicly-traded bitcoin mining firms have been accumulating and holding bitcoin at an increasing rate.The below...

NASDAQ-Listed HIVE Blockchain to Expand Data Center in New Brunswick, Canada With 40 Megawatts Capacity

Crypto Mining3 months ago PR HIVE Blockchain is set to expand its data center campus in New Brunswick, Canada with 40 megawatts capacity....

%d bloggers like this: