This report seized the opportunity to do something different; it now focuses on highlighting what’s next for the hacking community. From neurodiversity in the hacking community to the rise of hacking influencer platforms, we’ve examined a broad spectrum of important topics. Now, most security professionals not only understand the difference between threat actors and hackers, but they actually have personal experience with ethical hacking.

In this report, one clear finding from the survey was that it is important to test throughout the application lifecycle using a variety of methods. Although testing early continues to be important, having visibility into and being able to monitor and test deployed applications is still critical. Although security testing capabilities have also improved, the value of individual testing capabilities has changed in response to increased threats and changing application architectures.

This is the fifth report in the series which plots the use of vulnerability disclosure in consumer markets with the introduction of enterprise starting in 2021. For consumers, knowing that a manufacturer has the requisite systems in place to receive, and remedy, known security flaws is a welcome form of assurance. Indeed, we have said many times that the lack of an easily identifiable method for reporting security issues could be likened to a canary in the coal mine – it’s a good health indicator as to how serious they are about security.

HackerOne’s Hacker-Powered Security Report: Industry Insights leverages data from real-world vulnerability reports to provide insight into the fastest-growing vulnerability categories, how bounty prices are changing year over year, and which industries are fastest to fix. The most innovative CISOs stay ahead of cybersecurity threats and mitigate vulnerabilities by augmenting internal teams and security testing tools with a skilled and engaged hacking community.

In this year’s Hacker-Powered Security Report: Financial Services, we look at what drives ethical hackers, where they focus their energies, and what they’re doing to help financial services companies improve their security profile. In the past year, the hacking community has found over 65,000 customer vulnerabilities. Financial services continues to be among the most popular industries for ethical hackers to work on, and vulnerabilities in web applications are by far the most commonly reported issues in the industry

The 7th annual Hacker-Powered Security Report goes deeper than ever before with customer insights, in addition to the opinions of some of the world’s top hackers. We also take a more comprehensive look at the top ten vulnerabilities and how various industries are performing when it comes to incentivizing hackers to find the vulnerabilities that are most important to them.

Intel 471 reported 27 ransomware variants were used to conduct 455 attacks from July 2022 to September 2022, a decrease of 38 attacks from the second quarter of 2022 and 134 from the first quarter of 2022. The daily average of reported LockBit breaches was two - the same trend we observed from the ransomware group in the third and fourth quarters of 2021 and the first and second quarters of 2022.

For this survey, we surveyed 426 security professionals directly responsible for managing cyber vulnerabilities in their day-to-day work. The survey was conducted online via Pollfish using organic sampling. What we found is that some organizations have effective ways to detect, respond to, and remediate their vulnerabilities, while other organizations have more blind spots than they think.

This report covers vulnerabilities disclosed this year. It aims to help the reader navigate the current vulnerability landscape. It provides valuable insight into vulnerability trends and how they are impacting organizations.

This report goes into the hacking industry in 2020. It talks about the impact of hackers on security, bug bounty trends, and more.

This report highlights research into cyber-attack trends in the smart mobility ecosystem.

The third annual report from Hacker One on the state of the hacker/security testing community. Data is drawn from Hacker One’s community of bug bounty registrants and subscribing platforms.

The fourth annual report from Hacker One on the state of the open security testing community, using data from Hacker One’s bug bounty program.

As software proliferates and DevOps takes hold, we conducted this study to understand the impact of utilizing Pentest as a Service (PtaaS) vs. traditional pentesting services. Within the backdrop of modern software development practices and rising appsec priorities, our study found that DevOps is a driving force for pushing pentest into the cloud and deploying Pentest as a Service. Furthermore, DevOps demands that appsec measures are delivered in a fashion that favors communication, transparency, and collaboration- PtaaS is exactly the evolution that addresses those aspects.

The findings in this report are a comprehensive look at ICS vulnerability statistics, including how they affect industrial control networks and whether appropriate mitigation is provided alongside the published advisories. Dragos identifies errors in the vulnerability scores associated with public reports, a critical part of our vulnerability assessments. By identifying and updating errors in vulnerability scores, Dragos vulnerability assessments help asset owners and operators better prioritize and manage patching and update procedures.

Veracode commissioned this survey from 451 Research to understand how widely accepted andpracticed coordinated disclosure – whereby a security researcher identifies a flaw and notifiesthe company, then the two work together to fix and publicly disclose the flaw – really is andwhere the pain points reside. In addition, we wanted to explore the means organizations haveestablished to receive vulnerability reports, and the attitudes toward a coordinated disclosurepolicy on both sides of the organization and among external security researchers. We also soughta deeper understanding of the motivations of security researchers, actions when a vulnerabilityis identified, timing for disclosure, desired outcomes, how organizations structure disclosurepolicies, and the effectiveness of bug bounties.

this report t explores the vulnerability-to-exploit (V2E) cybercrime and cybersecurity supply chain, outlines the players in the different market segments and provides insights into the related economic drivers.

From the report, “It is clear that there is no shortage of vulnerabilities to find. In the last year, Bugcrowd saw a 92% increase in total vulnerabilities reported over the previous year. The average payout per vulnerability increased this year by a whopping 83%, with average payouts for critical vulnerabilities reaching $2,669.92 — a 27% increase over last year.”

This report offers an inside look at hackers. It provides a glimpse into the BugCrowd community, identifies 5 distinct types of bug hunters and their motivations, Explores program variables that can motivate and encourage different types of bug hunters and the community as a whole.

The evolving threat landscape and perennial cybersecurity challenges are giving rise to community-based programs such as crowdsourced cybersecurity, an important evolution that’s fast becoming a foundational element of any organization’s cybersecurity program. Crowdsourced cybersecurity includes services such as bug bounty programs, vulnerability disclosure, and next-generation penetration testing (NGPT). This report explores several key findings based on research conducted by ESG.

This report takes you inside the mind of a hacker.