Hackers reported 21% more vulnerabilities in 2021 than in 2020
2021-12-10 20:12

HackerOne reports that hackers are reporting more bugs and earning bigger bounties, but is an increase in testing or an increase in software vulnerabilities the cause of the jump?

Bug bounty hub HackerOne has announced that its user base of freelance bounty-hunting hackers has reported a whopping 66,000+ verified vulnerabilities in 2021, a 20% increase over last year's total.

In addition to the rise in the number of verified bugs, HackerOne's report also found that the median bounty paid out for a critical bug rose by 13%, and by 30% for bugs rated "High severity," which is one step below critical.

The central question of this report is whether the number of bugs in software is actually increasing, or whether existing bugs are being found more frequently because bug bounty programs have become more popular. That question can't be definitively answered without additional insights.

Reports from vulnerability disclosure programs (VDPs) rose by 47%, and bug reports from pentests rose by an amazing 264%. HackerOne said that it's seeing a big rise in the popularity of pentests, which it said is due to "Enhanced customer focus on compliance with security regulations and standards." In terms of sheer numbers, pentests are only finding a sliver of the bugs that private bug bounties do: pentests uncovered 1,804 bugs in 2021, compared with 25,278 from private bounties.

Whether or not that should comfort you is up in the air: It seems more bugs are being found not because the number of bugs is increasing, but because the number of white-hat hackers using their powers for good is growing.


News URL

https://www.techrepublic.com/article/hackers-reported-21-more-vulnerabilities-in-2021-than-in-2020/#ftag=RSS56d97e7