"Software Vulnerabilities Up by 20% in 2021"
Researchers at HackerOne found that the number of software vulnerabilities reported through its platform increased by 20% in 2021 compared with 2020. The bug bounty platform said its hackers had uncovered over 66,000 valid vulnerabilities in 2021, and that vulnerabilities reported through hacker-powered pentests rose by 264% compared with 2020. Vulnerabilities reported through Vulnerability Disclosure Programs increased by 47%. The researchers attributed part of the surge to the growing number of organizations adopting hacker-powered security testing programs.

The most commonly reported bug was cross-site scripting, as it was in 2020, but reports of information disclosure (up 58%) and business logic errors (up 67%) grew significantly. Of all the vulnerabilities reported, 26% were rated critical, 36% medium severity, and 34% low severity.

Encouragingly, the median time to resolve a vulnerability fell by 19% across all industries, from 33 days in 2020 to 26.7 days in 2021; retail and e-commerce saw time-to-remediation drop by more than 50% over the same period. The median price paid for a critical bug rose by 20%, from $2,500 in 2020 to $3,000 in 2021, while the average bounty rose by 13% for a critical bug and by 30% for a high-severity bug.
Infosecurity reports: "Software Vulnerabilities Up by 20% in 2021"