Bugcrowd, a crowdsourced security platform, has observed significant growth in vulnerability submissions across various sectors [1] [2] [3] [4]. This report summarizes the key findings and trends identified by Bugcrowd.

Description

In 2023, the government sector experienced the highest growth rate, with a 151% increase in vulnerability submissions [1] [2] [3] [4]. There was also a 58% increase in Priority 1 (P1) rewards for discovering critical vulnerabilities [4]. Notable increases in vulnerability submissions were also observed in the retail, corporate services, and computer software sectors [2] [3] [4].

Compared to the previous year, web vulnerability submissions rose by 30% [1] [2] [3] [4], API submissions by 18% [1] [4], Android submissions by 21% [1] [2] [3] [4], and iOS submissions by 17% [1] [4]. The financial services industry and the government segment had the highest median payouts for P1 vulnerabilities [1] [2] [3].

Bugcrowd’s latest report emphasizes the importance of crowdsourced security in identifying and addressing vulnerabilities in computer software and web applications [4]. It reveals that bug bounty programs with an open scope received ten times as many P1 vulnerability submissions as programs with a restricted scope [2] [3].

Furthermore, Bugcrowd’s Vulnerability Rating Taxonomy (VRT) now includes a new category for AI-related vulnerabilities [2] [3], reflecting the impact of AI on the threat landscape [2]. Employee training should cover the possibility of fake voice recordings or videos, the way attackers combine publicly available information to create convincing illusions, and the need for security best practices in all job functions to combat cybercriminals [2].

Conclusion

The significant growth in vulnerability submissions across sectors highlights the increasing importance of proactive security measures. Bugcrowd’s findings underscore the need for organizations to prioritize crowdsourced security and implement bug bounty programs with open scopes. Additionally, the inclusion of AI-related vulnerabilities in Bugcrowd’s VRT emphasizes the evolving nature of cybersecurity threats. It is crucial for organizations to invest in employee training to address emerging risks and ensure best practices are followed in all job functions.

References

[1] https://betanews.com/2024/01/24/bugcrowd-sees-30-percent-increase-in-web-vulnerability-submissions/
[2] https://ciso2ciso.com/government-security-vulnerabilities-surge-by-151-report-finds-source-www-infosecurity-magazine-com/
[3] https://www.infosecurity-magazine.com/news/government-security/
[4] https://beamstart.com/news/bugcrowd-sees-30-percent-increase-17061134804531