The adoption of crowdsourced security is not limited to software and technology companies, according to Bugcrowd. Its recent data shows a range of sectors taking an increasing interest in using crowdsourced security to identify vulnerabilities and improve their overall security posture.
In 2023, the government sector saw the largest growth in crowdsourced security compared to 2022, with a 151% increase in vulnerability submissions and a 58% increase in Priority 1 (P1) rewards for identifying critical vulnerabilities. Other sectors with substantial growth in submissions included retail (+34%), corporate services (+20%), and computer software (+12%).
Hacker submissions on the Bugcrowd platform also rose across target types: Web submissions by 30%, API submissions by 18%, Android submissions by 21%, and iOS submissions by 17%, highlighting the increasing interest in crowdsourced security across different platforms and technologies.
Nick McKenzie, the Chief Information Security Officer (CISO) of Bugcrowd, emphasized the significance of the report in providing valuable insights and opportunities for security leaders seeking to strengthen their risk profiles. He also predicted that in 2024, threat actors would utilize adversarial AI to accelerate enterprise attacks, resulting in a higher volume of attacks that may pose challenges for defenders. Additionally, McKenzie highlighted the growing importance of securing supply chains, managing third-party risks, and ensuring continuous assurance in inventory management processes.
Moreover, McKenzie pointed out the escalating human risk factor due to the actions of malicious insiders and employees susceptible to social engineering attacks, underscoring the need for continuous vulnerability identification through the crowdsourcing of human intelligence.
The report also highlighted the maturity of the crowdsourced security industry, citing the increasing adoption of penetration-testing-as-a-service, managed bug bounties, and vulnerability disclosure programs (VDPs). The most successful programs on the Bugcrowd platform were revealed to offer substantial rewards to hackers, typically exceeding $10,000 for identifying P1 vulnerabilities. The financial services and government sectors were identified as offering the highest payouts for P1 vulnerability submissions.
Additionally, the data showed that enterprises were increasingly favoring public crowdsourced programs over private ones, with open scope programs receiving 10 times more P1 vulnerabilities than programs with limited scopes. This shift indicated a growing preference for comprehensive and inclusive testing environments among organizations.
Despite the common misconception that crowdsourced security is a nascent addition to the security technology stack, the industry has evolved significantly over the past decade. The increasing adoption of crowdsourced security across diverse sectors and the maturation of industry practices underscore the growing significance of leveraging community-driven approaches to enhance cybersecurity.
In conclusion, the data provided by Bugcrowd demonstrates the widespread adoption of crowdsourced security beyond the realm of software and technology companies, signaling a paradigm shift in how organizations approach vulnerability identification and cybersecurity. The report’s findings offer valuable insights that can guide security leaders in mitigating emerging threats and enhancing their overall security strategies.

