Communications of the ACM

ACM TechNews

Hacker-Powered Security Is Reaching Critical Mass

A hacker in Google's Project Zero defensive hacking team.

Hackers are finding more severe vulnerabilities than ever before.

Credit: Andrew Russell/AP

Hackers are finding more severe vulnerabilities than ever before, as the total number of high or critical severity vulnerabilities identified increased 22% last year, according to the 2018 Hacker-Powered Security Report.

In addition, 24% of resolved vulnerabilities were classified as high to critical severity across industries. Bounties for high-impact findings are growing; the top bounty awarded for a single report reached $75,000 in 2017.

Competitive programs from Google, Microsoft, and Intel are offering $250,000 bounty awards for the identification of critical issues.

The study also found false positives are fading, with 80% of submitted and qualified reports proving to be valid.

The annual report, which is a benchmark study of the bug bounty and vulnerability disclosure ecosystem, is based on more than 72,000 resolved security vulnerabilities, 1,000 customer programs, and more than $31 million in bounties awarded to hackers from more than 100 countries.

From Help Net Security


Abstracts Copyright © 2018 Information Inc., Bethesda, Maryland, USA

