HackerOne

Over a third of hackers spent more time finding web, mobile and cloud vulnerabilities since March 2020

 

SAN FRANCISCO, March 9, 2021 — HackerOne, the world’s most trusted hacker-powered security platform, today released its 2021 Hacker Report that reveals a 63% increase in the number of hackers submitting vulnerabilities in 2020. HackerOne’s annual Hacker Report combines findings from the world’s largest dataset of hackers and vulnerabilities with survey insights to tell a story about the diverse and robust expertise within the hacker community and their symbiotic partnership with the security teams they work with. 

As organizations’ attack surfaces have shifted due to pandemic-led digital transformation, hackers have adapted and zeroed in on emerging threats. Reports for vulnerabilities caused by trends like moving to the cloud have proliferated in the past year, with misconfiguration vulnerabilities rising by 310%.

Other key findings include:

 

  • 38% of hackers spent more time hacking since the COVID-19 pandemic started. 
  • Top hackers, on average, are reporting bugs across 20 different vulnerability categories, with a 53% rise in submissions for both Improper Access Control and Privilege Escalation.
  • Half the hackers surveyed have not reported a bug because of a lack of a clear reporting process, or a previous negative experience.
  • Hackers are not just driven by money: 85% of hackers do it to learn and 62% do it to advance their career.
  • Hackers are expanding their experience of different technologies, with more specialising in IoT, APIs and Android apps than ever before.

“This year’s Hacker Report demonstrates the depth of vulnerability insights that hackers bring to a security program,” said HackerOne co-founder, Jobert Abma. “We’re seeing huge growth in vulnerability submissions across all categories and an increase in hackers specialising across a wider variety of technologies. As we see slower growth in some common vulnerabilities that are easily found and fixed, we’re seeing hackers be more creative in their attempt to discover new attack vectors. Every time a hacker links several low-severity vulnerabilities together to help a customer avoid a breach, or finds a unique bypass to a software patch, it proves that machines will never truly outpace humankind.”

The Hacker Report also documents the motivations of this community and reveals trends about how hackers develop their skills to enhance their career prospects. Hackers earned over $40 million in bounties last year, bringing total hacker earnings to date over $100 million. In addition to bounties, learning continues to be a top driver for hackers, with 85% doing it to learn, 62% doing it to advance their career and 33% already having leveraged their skills to secure a job. 

Read the full report here to learn more about how the hacker community can enhance your organization’s security: 

 

Methodology

Data was collected from a proprietary HackerOne survey of 4000 hackers globally, conducted in December 2020 and January 2021. The surveyed individuals have all successfully reported one or more valid security vulnerabilities on HackerOne, as indicated by the organization that received the vulnerability report. Additional findings were collected from the HackerOne platform using HackerOne’s proprietary data based on over 2000 hacker-powered security programs.