Demand for crowdsourced security booms: YesWeHack bug bounty platform continues to thrive

January 31, 2022

YesWeHack, Europe’s leading Bug Bounty platform, today announced strong growth, with its annual revenue more than doubling globally.

YesWeHack’s community of ethical hackers has grown by 75%, with over 35,000 hackers now operating on the platform. On average, 1,200 to 1,300 researchers join YesWeHack each month. This ever-growing popularity confirms it as the preferred platform for ethical hackers looking for Bug Bounty programs.

It was also a successful year for international expansion, with YesWeHack establishing a META presence and helping businesses in over 40 countries to improve their security posture across the globe.

Vulnerability minefield

The past 12 months saw a record-breaking year for vulnerabilities. YesWeHack noted a doubling in the number of bugs identified by its hackers. Of these, 35% were considered ‘critical’ or ‘high’, meaning many business systems and applications could have been severely impacted if these bugs were not found and remedied.

The increasing number and impact of vulnerabilities discovered in 2021, such as SolarWinds and Log4j, has led companies to intensify their investments in crowdsourced security. In 2021, the online aggregator FireBounty.com, created by YesWeHack, counted a total of nearly 24,000 vulnerability disclosure policies.

In terms of the type of vulnerabilities detected, implementation and design flaws (Secure Design, Access Control) remain the leading type of bugs for the second year in a row. This trend can be explained by the increasing complexity of the applications deployed.

Adoption by sector

The adoption of Bug Bounty programs continues to grow across several industries, with YesWeHack seeing a 100% increase in the number of active programs available on its platform.

Unsurprisingly, technology continues to be the most prominent sector for YesWeHack. It represents 44% of all programs on the YesWeHack platform, up from 35% last year. This is followed by the financial services and insurance sector, which accounted for 18% of all Bug Bounty programs on the platform in 2021.

As the pandemic continues to disrupt the world, many other sectors have also accelerated their digital transformation journey to meet the changing needs of their users. This is especially relevant in the public sector, where many administrations and local authorities are continuing to digitise their services and have therefore launched Bug Bounty programs to protect their data.

Record year for rewards

Alongside the increase in programs on its platform, YesWeHack has seen a 140% year-on-year growth in the total amount of rewards paid out to hackers.

In 2021, the largest payout amounted to €40,000 (£33,000). Last year also saw YesWeHack release the Swiss Post e-voting public bug bounty program, offering the platform’s largest ever reward available to its hacker community at €230,000 (£197,000).

One of the reasons for YesWeHack’s growing popularity, among ethical hackers and customers alike, is its ongoing commitment to the smooth running and quality of its programs. For example, in 2021, 78% of vulnerabilities were rewarded within 24 hours of being accepted, while 89% were paid within 28 days of submission and 60% of vulnerabilities were remediated within a month.

Crowdsourced security will continue to grow

Romain Lecoeuvre, CTO and co-founder of YesWeHack, warns that the acceleration of digitalisation induced by the pandemic should not lead companies to relax their security efforts. “Many developers are under pressure to deliver applications as quickly as possible in order to maintain or gain a competitive advantage. As a result, speed is prioritised over security. For this reason, it is essential that development and security teams work in tandem, with the help of ethical hackers, to engage in a DevSecOps-like approach.”

Guillaume Vassault-Houlière, CEO and co-founder of YesWeHack, notes that crowdsourced security is a great way for companies to get into data privacy compliance. “Over the years, the general public has become more and more sensitive to how to protect their data. In the interests of transparency, many organisations are now working with ethical hackers to find vulnerabilities in their systems, and to provide assurances to their users. Indeed, unauthorised access to personal data is one of the main risks identified in the programs available on our platform and has traditionally offered the highest rewards. In this context, crowdsourced security is not only the most effective way to discover vulnerabilities in code, but also to reassure consumers about the security of a product or service and the privacy of their data.”