September 29, 2020

HackerOne Research: Hackers Found Software Vulnerabilities Every 2.5 Minutes

Research by HackerOne, the world’s most trusted hacker-powered security platform, has revealed hackers are finding over twice as many vulnerabilities in software in 2020 as they were in 2019. Hackers have helped find and resolve over 180,000 vulnerabilities on the HackerOne platform, with one-third of those reported in the past year alone as more and more businesses turn to hackers to help secure their systems.

Driven by the pandemic, over a third of businesses (36%) have expedited digital initiatives to support remote working. Digitisation of assets and the speed of development are creating new vulnerabilities. Due to the pandemic, 30% of organisations confirmed they experienced an increase in attacks and hackers reported 28% more software vulnerabilities per month during the pandemic than before it.

The research also revealed that IT and security teams are more concerned about the impact of attacks, with 64% believing organisations were under more threat during the pandemic. At the same time, 30% of in-house security teams were reduced and a quarter had budget cuts since March.

“Budget and staff cutbacks, a rise in cyber attacks and the great rush to support remote workers have put security teams under significant pressure,” said HackerOne CEO, Marten Mickos. “Adding to that, the need to develop new COVID-proof solutions means fresh vulnerabilities are inevitable. Traditional security tactics are no longer sufficient to keep up with a rapidly adapting attack surface. New, affordable and agile solutions need to be found.”

Additional key findings in the report included:

  1. More than $44.75 million in bounties were awarded to hackers across the globe over the past year, driving the total bounties past $100 million. That’s a year-over-year increase of 86% in total bounties paid.

  2. The potential earning power of a hacking career is above today’s global average IT salary of $89,732. In 2019, more than 50 hackers earned over $100,000 from bug bounties.

  3. There are now over 830,000 hackers registered on the HackerOne Community. They’ve earned more than $100 million through reports on 565,000+ vulnerabilities.

  4. 9 individual hackers from 7 different countries have now earned over $1 million on the HackerOne platform.

  5. Through Hack for Good, a feature that enables hackers to automatically donate bounty earnings to a chosen charity, hackers donated more than $30,000 to The World Health Organization (WHO) COVID-19 Solidarity Response Fund, Hack For Good’s first recipient.

  6. The average bounty paid for critical vulnerabilities increased to $3,650 in the past year, an 8% year-over-year increase. To date, $100,000 remains the largest individual bounty earned for a critical vulnerability on HackerOne.

  7. Industries with year-over-year increase in total programs of 200% or greater included Computer Hardware (250%), Consumer Goods (243%), Education (200%), and Healthcare (200%).

Mickos continues: “We’ve all become hackers during the pandemic - questioning status quo, testing new ways of working, overcoming limitations. Our reports show that since the start of the pandemic, 30% of businesses have been more open to accepting security help from hackers. With hackers delivering concrete results at an affordable cost, even the most traditional industries are ready to give hacker-powered security a try.”