Bug Bounty Bonanza: 835 Reports, $450K Rewards in 2023 - Surfshark Reveals Impactful Statistics
Ever heard of bug bounty programs? These initiatives invite individuals
to spot and report security flaws in digital spaces, benefitting
companies by allowing them to fix issues before they escalate. Those who
identify and report these flaws are often referred to as ethical or
white-hat hackers. Their role is crucial in creating a safer online
environment, and in return, they receive rewards from major companies
for their efforts. Recently, researchers at Surfshark shared some intriguing statistics about bug bounty programs.
In 2023, hackers reported 835 software security threats to 105 companies
and were given $450,000 for their help. Out of 93 ethical hacking
experts who reported these flaws, the top 5 hackers gained 20% of the
total rewards. The most security threats were reported about the United
States Department of Defense, with 96% reports that make up 10% of total
reports in 2023. Two of the biggest issues reported concerned
website configuration: one automatically granted
admin access, and the other involved a default
password. These flaws enabled users to upload and delete their
files, change privileges, and delete users’ accounts.
A bug bounty program managed by HackerOne that researches and protects
open-source software projects received 86 reports in 2023 and gave
$121,000. Other platforms, including GitHub and GitLab, gave 30,000 and
23,000 to those hackers respectively. Through these bug bounty programs,
LinkedIn received reports of a total of 28 security threats. It is now ranked as
the fifth platform with these threats. Two of the biggest flaws
reported on LinkedIn were related to improper disclosure of
information.