The firm claimed that the mammoth combined costs of the breaches could have been avoided had the vulnerabilities – which included third-party JavaScript exploits, an out-of-date WordPress interface and SQL injection – been identified and responsibly disclosed by researchers as part of a bug bounty program. HackerOne stated that the victim organizations would collectively have had to pay out only between £9,600 and £32,000, based on average bug bounty prices.
“Attack surfaces are growing all the time, and it’s a significant challenge just trying to stay ahead of cyber-criminals. The most secure organizations realize there are many ways to identify where they are most vulnerable,” said Prash Somaiya, security engineer at HackerOne.
“By running bug bounty programs and asking hackers to find their weak spots, our customers have safely resolved over 120,000 vulnerabilities before a breach could occur. This research is a rough estimate on bounty prices, based on our existing programs across the same industries, but it does highlight that companies can save millions and reduce risk by being proactive when it comes to identifying and patching their vulnerabilities.”
This post was originally published by Infosecurity Magazine on infosecurity-magazine.com