Demand for crowdsourced security booms: YesWeHack bug bounty platform continues to thrive

PARIS, FRANCE and SINGAPORE – Media OutReach – 9
February 2022 – YesWeHack, Europe’s leading Bug
Bounty platform, today announced strong growth, with its annual revenue more
than doubling globally. In Asia, YesWeHack revenue grew by a substantial 200%.

YesWeHack’s community of ethical hackers has grown by 75%, with over 35,000
hackers now operating on the platform. On average, 1,200 to 1,300 researchers
join YesWeHack each month. This ever-growing popularity confirms it as the
preferred platform for ethical hackers looking for Bug Bounty programs.

It was also a successful year for international expansion, with YesWeHack
establishing a META presence and helping businesses in over 40 countries
across the globe to improve their security posture.

Vulnerability minefield

The past 12
months saw a record-breaking year for vulnerabilities. YesWeHack noted a
doubling in the number of bugs identified by its hackers. Of these, 35% were
considered ‘critical’ or ‘high’, meaning many business systems and applications
could have been severely impacted if these bugs were not found and remedied.

The increasing number and impact
of vulnerabilities discovered in 2021, such as SolarWinds and Log4j, has led
companies to intensify their investments in crowdsourced security. In 2021, the
online aggregator FireBounty.com, created by YesWeHack, counted a total of
nearly 24,000 vulnerability disclosure policies.

In terms of the type of
vulnerabilities detected, implementation and design flaws (Secure Design,
Access Control) remain the leading type of bugs for the second year in a row.
This trend can be explained by the increasing complexity of the applications
deployed.

Adoption by sector

The adoption of Bug Bounty
programs continues to grow across several industries with YesWeHack seeing a
100% increase in the number of active programs available on its platform.

Unsurprisingly, technology
continues to be the most prominent sector for YesWeHack. It represents 44% of
all programs on the YesWeHack platform, up from 35% last year. This is followed
by the financial services and insurance sector, which accounted for 18% of all
Bug Bounty programs on the platform in 2021.

As the pandemic continues to
disrupt the world, many other sectors have also accelerated their digital
transformation journey to meet the changing needs of their users. This is
especially relevant in the public sector, where many administrations and local
authorities are continuing to digitise their services and have therefore
launched Bug Bounty programs to protect their data.

Record year for rewards

Alongside the increase in programs
on its platform, YesWeHack has seen a 140% year-on-year growth in the total
amount of rewards paid out to hackers.

In 2021, the largest payout
amounted to €40,000. Last year also saw YesWeHack release the Swiss Post e-voting public bug bounty program,
offering the platform’s largest ever reward available to its hacker community
at €230,000.

One of the reasons for YesWeHack’s
growing popularity, among ethical hackers and customers alike, is its ongoing
commitment to the smooth running and quality of its programs. For example, in
2021, 78% of vulnerabilities were rewarded within 24 hours of being accepted,
while 89% were paid within 28 days of submission and 60% of vulnerabilities
were remediated within a month.

Crowdsourced security will continue to grow

Romain Lecoeuvre, CTO and
co-founder of YesWeHack, warns that the acceleration of digitalisation induced
by the pandemic should not lead companies to relax their security efforts.
“Many developers are under pressure to deliver applications as quickly as
possible in order to maintain or gain a competitive advantage. As a result,
speed is prioritised over security. For this reason, it is essential that
development and security teams work in tandem, with the help of ethical
hackers, to engage in a DevSecOps-like approach.”

Guillaume Vassault-Houlière, CEO
and co-founder of YesWeHack, notes that crowdsourced security is a great way
for companies to get into data privacy compliance. “Over the years, the
general public has become more and more sensitive to how to protect their data.
In the interests of transparency, many organisations are now working with
ethical hackers to find vulnerabilities in their systems, and to provide
assurances to their users. Indeed, unauthorised access to personal data is one
of the main risks identified in the programs available on our platform and has
traditionally offered the highest rewards. In this context, crowdsourced
security is not only the most effective way to discover vulnerabilities in
code, but also to reassure consumers about the security of a product or service
and the privacy of their data.”

 
