17,447 flaws found this year: record broken for 4 consecutive years

About 150 more than last year. The ratio is about the same when classified by risk level. Changes in development culture and an improved capacity to identify flaws have all affected the increase in vulnerabilities.

The US Intrusion Response Center (US-CERT) has announced that 17,447 vulnerabilities were reported this year. This is the fourth straight year in which the record has been broken. The number of vulnerabilities last year was 17,306. This year, 4,168 were classified as high-risk, 10,710 as moderate, and 2,569 as low-risk. The proportions are about the same as last year's.

Why does the number of vulnerabilities only keep increasing?

Will the sloppiness of developers never be fixed? Or are white hat hackers gradually getting better at uncovering flaws? Experts say all of these factors play an equal part.

The number of bugs submitted in the past 12 months soared by 50 percent over the previous year, according to a survey by bug bounty site Bugcrowd. Among them, highly dangerous flaws increased by 65 percent and findings that could be eligible for prize money increased by 4 percent. CTO Casey Ellis states that "the ability of security professionals to find more dangerous vulnerabilities and to write reports is much better than before."


Several of the bugs come from mobile software. Vulnerabilities observed in other areas, however, are also growing. As hackers with experience in other areas begin to uncover bugs beyond web applications, some predict that the ratio could eventually shift. The number of API bugs in particular rose considerably, doubling compared to last year. For Android, the number of bugs has almost tripled since last year.

Because of the coronavirus, defense analysts were very busy this year. In the beginning, they switched to supporting work from home. Even two bodies would not have been enough to keep employees safe while working at home, to keep the company running as normal, and to keep a sharp watch on all sorts of attack routes across the company's network. As the situation settled, however, and as they became more familiar with remote work, they found themselves with time to spare. With that time at home, they turned to bug bounties.

The era of ‘two jobs’ and ‘three jobs’ had begun.
Not only Bugcrowd but also HackerOne has reported that the number of security experts interested in bug bounties has increased dramatically. One-third of all the bugs discovered through HackerOne so far are said to have appeared this year alone. The number of security practitioners enrolled with HackerOne increased by 59 percent in a year, and bug reports submitted increased by 28 percent.

This year, the idea of ‘vulnerabilities’ held by the firms and businesses that pay the bug bounties also had to adjust. Typically, those organisations had only considered vulnerabilities in ‘customer-used’ or ‘customer-directed’ resources.

As the shape of the network shifted completely due to the coronavirus, however, they started paying attention to vulnerabilities that originated from ‘third-party components.’ In particular, news spread of flaws in VPNs, video conferencing solutions, and the applications used by workers who had gone home.

Alex Rice, CTO of HackerOne, said, "There was a work pattern that was greatly out of order, and then the abnormal work type became normal." He explained, "No organizational managers or security officers would have been able to be comfortable watching existing security measures break down at a rapid pace."

It is clear that both of these causes have contributed to the rise in vulnerabilities. It should also be recalled, though, that the coronavirus has transformed the software development community. Several organisations had to semi-forcibly disperse developers to their own homes, and so became restless. In a hurry to produce, they started to skip quality assurance measures. Reliance on third-party and open source components has grown. "The development process itself is moving toward a side where there are many vulnerabilities, rather than a problem for each developer."