We’re three weeks into January, which means we’ve hit the time of the year when New Year’s resolutions have inevitably been forgotten, Dry January has been abandoned, and we’re all just trying our best to get through the rest of winter in one piece. But what if we told you that we have a surprise that might make your January a little less dreary and might even help you achieve your New Year’s cybersecurity resolutions?
We’re absolutely ecstatic to release our flagship annual report: Inside the Platform: Bugcrowd’s Vulnerability Trends Report. You may remember this piece by its previous name: Priority One.
What is Inside the Platform?
Inside the Platform is a magazine-style piece that features an analysis of all the crowdsourced security vulnerability submissions handled through the Bugcrowd Platform in 2023. The report leverages these data to offer trends and insights for CISOs and security leaders.
Specifically, the report looks at vulnerability submission data from every possible angle to attempt to predict the future of cybersecurity. In writing this report, we examined overall submissions, critical submissions, payout data, notable targets, VRT categories, and public vs. private programs. We also broke down the data into six key industry categories. Using this analysis, we forecasted trends and made recommendations on what levers to pull in a crowdsourced security program to achieve success.
The report also includes qualitative interviews with Bugcrowd customers, thought pieces on the value of an open scope program and how different hacker roles contribute to crowdsourced security, social media spotlights, legal work being done to make hacking safer, and more.
Key takeaways from Inside the Platform
The 12 articles that make up Inside the Platform are jam-packed with data, but here are five highlights:
- Higher Rewards—The most successful programs were those that offered higher rewards (e.g., $10,000 or more for P1 vulnerabilities).
- Open Scope—Programs with open scopes saw 10x more P1 vulnerability submissions than those with limited scopes.
- Vulnerability Submissions by Industry—The government sector experienced a 151% increase in vulnerability submissions and a 58% increase in the number of P1s rewarded in 2023 compared to 2022.
- P1 Payouts by Industry—The financial services industry and government sector offered the highest median payouts for P1 vulnerabilities ($10,000 and $5,000, respectively).
- AI—A new AI-related category was added to Bugcrowd’s Vulnerability Rating Taxonomy (VRT). This addition reflects the profound influence that AI has had and will have on the threat environment and the ways that hackers, customers, and the Bugcrowd triage team view certain vulnerability classes and their relative impacts.
Where to find more information
The report is live! Keep an eye on our social media for breakdowns of the report from experts at Bugcrowd, plus a webinar later next month.