Ethical hackers found even more vulnerabilities in 2022

Software vulnerabilities have increased 21% since 2021, with more than 65 discovered this year, according to a HackerOne report.

The outsourced cybersecurity platform analyzed the vulnerabilities discovered by its ethical hackers and found that vulnerabilities in digital transformation projects have increased significantly over the past year, with the associated misconfigurations increasing by two and a half and inadequate authorization protocols by nearly half.

Surveying more than 5000 hackers in its community, HackerOne also found that more than a third of hackers believed that lack of experience was the biggest problem for companies' security posture.

What hackers think

More worryingly, most hackers thought automated threat detection tools weren't good enough, with 92% saying they can discover vulnerabilities missed by such software in scans.

The report also asked hackers about their motivations, with the majority (79%) saying they wanted to learn from their activities and 72% saying they were motivated by money. Nearly half also hack more now than last year.

Somewhat counterintuitively, they also tended to target higher-quality programs, with half avoiding programs that had poor communication features and slow response times.

Half again did not report vulnerabilities they found, and 42% said the target in question did not have a proper process for doing so.

Average payments to hackers for finding vulnerabilities, called bounties, have not increased significantly since last year, but there has been a marked 315% increase in the average payout of bounties tied to cryptocurrency and blockchain programs, from €6443 in 2021 to €26,728.

"Customers continue to introduce risk into digital transformation projects," said Chris Evans, CISO at HackerOne. "The report also shows that hackers can identify introduced vulnerabilities so our customers can fix them before they cause an incident."