835 security vulnerabilities found by ethical hackers in 2023, bringing them €417,000 in earnings, study shows
February 2024 by Surfshark
Surfshark analyzed the HackerOne repository of security vulnerabilities reported by white-hat hackers and found that in 2023, 835 security vulnerabilities were found across 105 websites, which brought earnings of at least €417,000 to ethical hackers.
“Software vulnerabilities are not a matter of “if” but rather “when”. Considering that complex platforms may require millions of lines of code, it’s inevitable that even the most advanced developers can leave some flaws behind. That’s why partnerships between companies and ethical hackers are so important”, says Agneska Sablovskaja, Research Team Lead.
Here are the key findings:
• The 835 vulnerability reports were the combined effort of 93 ethical hackers;
• Security vulnerabilities from The United States Department of Defense were the most common in the HackerOne repository in 2023, with 96 cases reported;
• LinkedIn received 28 security vulnerability reports through bug bounty programs, ranking as the fifth most frequently reported platform.
Surfshark’s Cyber Security Lead Aleksandr Valentij emphasizes the importance of downloading software updates: “Once a security vulnerability becomes public, it’s only a matter of time before hackers try to take advantage of it, making the vulnerability much more dangerous than it was when it was not yet known. That’s why developers rush to develop patches for vulnerabilities once they’re revealed and release these patches as software updates. Setting automatic updates for all apps is an easy way to make sure you have the safest version of an app at all times.”