Bug bounty platform HackerOne says ethical hackers have identified and reported more than 65,000 software vulnerabilities in 2022.
The popular hacker-powered platform, which hosts bug bounty programs for both private and public organizations, including government agencies, has paid out a total of $230 million in bug bounties since its inception.
To date, 22 hackers submitting vulnerability reports through HackerOne have earned over $1 million in bounties, up from 12 in 2021.
“Reports for vulnerability types typically introduced by digital transformation have seen the most significant growth with misconfigurations growing by 150% and improper authorization by 45%,” HackerOne notes in its latest annual report.
HackerOne reports that the overall time to remediation has increased from 35 to 37 days. Aviation and aerospace companies were the slowest to patch, with a median time to remediate of 148.3 days, followed by medical technology organizations, at 73.9 days. Cryptocurrency and blockchain firms were the fastest, with 11.6 days to remediate.
“A limited scope puts off 50% of hackers, but slow response time and poor communication are the issues that are most likely to prevent a hacker reporting a vulnerability,” the report shows.
According to HackerOne, organizations need to implement effective vulnerability reporting means, as 50% of hackers chose not to disclose the identified security issues because the impacted entities did not have a vulnerability disclosure program. Others (12%) were deterred by threatening legal language.
Cross-site scripting (XSS) vulnerabilities earned ethical hackers the largest amount of money in 2022, followed by improper access control bugs and information disclosure flaws. Insecure direct object reference (IDOR) and improper authorization rounded up the top five.
The report also shows that 95% of the hackers focus on identifying vulnerabilities in websites, while 24% of them focus on cloud platforms.
HackerOne says it has observed an overall 45% increase in program adoption, with organizations in the pharmaceutical sector registering the highest increase, at 700%. The automotive, telecommunications, and cryptocurrency and blockchain industries also registered high program adoption, at 400%, 156%, and 143% growth, respectively.
Related: HackerOne Bags $49 Million in Series E Funding
Related: Apple Paid Out $20 Million via Bug Bounty Program
Related: Google Boosts Bug Bounty Rewards for Linux Kernel Vulnerabilities

More from Ionut Arghire
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
- Chrome 114 Released With 18 Security Fixes
- Spyware Found in Google Play Apps With Over 420 Million Downloads
- Millions of WordPress Sites Patched Against Critical Jetpack Vulnerability
- PyPI Enforcing 2FA for All Project Maintainers to Boost Security
- Personal Information of 9 Million Individuals Stolen in MCNA Ransomware Attack
Latest News
- Russia Blames US Intelligence for iOS Zero-Click Attacks
- Toyota Discloses New Data Breach Involving Vehicle, Customer Information
- Cisco Acquiring Armorblox for Predictive and Generative AI Technology
- Moxa Patches MXsecurity Vulnerabilities That Could Be Exploited in OT Attacks
- Amazon Settles Ring Customer Spying Complaint
- Organizations Warned of Salesforce ‘Ghost Sites’ Exposing Sensitive Information
- Adobe Inviting Researchers to Private Bug Bounty Program
- Critical Vulnerabilities Found in Faronics Education Software
