Sam Spielman

HackerOne Research Finds Hackers Discover A Software Vulnerability Every 2.5 Minutes

Fourth annual report reveals more businesses are turning to hackers to find gaps in cyber defenses amid growing COVID-19 cyberthreats and stretched IT teams

Research by HackerOne, the world’s most trusted hacker-powered security platform, has revealed hackers are finding over twice as many vulnerabilities in software in 2020 as they were in 2019. Hackers have helped find and resolve over 180,000 vulnerabilities on the HackerOne platform, with one third of those being reported in the past year alone as more and more businesses turn to hackers to help secure their systems.


Driven by the pandemic, over a third of businesses (36%) have expedited digital initiatives to support remote working. Digitization of assets and the speed of development are creating new vulnerabilities. 30% of organizations confirmed they experienced an increase in attacks due to the pandemic, and hackers reported 28% more software vulnerabilities per month during the pandemic than before it.


The research also revealed that IT and security teams are more concerned about the impact of attacks, with 64% believing organizations were under more threat during the pandemic. At the same time, 30% of in-house security teams were reduced and a quarter had budget cuts since March.


“Budget and staff cutbacks, a rise in cyber attacks and the great rush to support remote workers have put security teams under significant pressure,” said HackerOne CEO, Marten Mickos. “Adding to that, the need to develop new COVID-proof solutions means fresh vulnerabilities are inevitable. Traditional security tactics are no longer sufficient to keep up with a rapidly adapting attack surface. New, affordable and agile solutions need to be found.” 


Additional key findings in the report included:

  • More than $44.75 million in bounties were awarded to hackers across the globe over the past year, driving the total bounties past $100 million. That’s a year-over-year increase of 86% in total bounties paid.
  • The potential earning power of a hacking career is above today’s global average IT salary of $89,732. In 2019, more than 50 hackers earned over $100,000 from bug bounties.
  • There are now over 830,000 hackers registered on the HackerOne Community. They’ve earned more than $100 million through reports on 565,000+ vulnerabilities. 
  • 9 individual hackers from 7 different countries have now earned over $1 million on the HackerOne platform. 
  • Through Hack for Good, a feature that enables hackers to automatically donate bounty earnings to a chosen charity, hackers donated more than $30,000 to The World Health Organization (WHO) COVID-19 Solidarity Response Fund, Hack For Good’s first recipient. 
  • The average bounty paid for critical vulnerabilities increased to $3,650 in the past year, an 8% year-over-year increase. To date, $100,000 remains the largest individual bounty earned for a critical vulnerability on HackerOne.
  • Industries with a year-over-year increase in total programs of 200% or greater included Computer Hardware (250%), Consumer Goods (243%), Education (200%), and Healthcare (200%).

Mickos continues: “We’ve all become hackers during the pandemic - questioning status quo, testing new ways of working, overcoming limitations. Our reports show that since the start of the pandemic, 30% of businesses have been more open to accepting security help from hackers. With hackers delivering concrete results at an affordable cost, even the most traditional industries are ready to give hacker-powered security a try.”

The full report is available at https://www.hackerone.com/fourth-annual-hacker-powered-security-report