EDITOR’S QUESTION
TO WHAT EXTENT ARE HUMANS MORE EFFECTIVE THAN AUTOMATION TOOLS FOR DISCOVERING SECURITY VULNERABILITIES?
HackerOne, a leading hacker-powered security platform, has
announced the results of a study that revealed the majority
of security professionals believe humans remain more
effective than machines when it comes to securing digital assets.
The study, which was carried out at Infosecurity Europe in June 2019,
revealed that 53% of security professionals believe the outsider
perspective – hackers and pen testers – is the most effective technique
for discovering unknown security vulnerabilities, while only 27% believe
vulnerability scanners and automation are the most reliable.
“I’m actually surprised that there are still a large number of people
who would put their trust solely into automated scanners,” said
Laurie Mercer, a Security Engineer at HackerOne. “The singularity is
not here. Automation is no match for human intelligence.”
The study also revealed that over one in 10 (12%) organisations
have suffered a recent security breach as a result of an unpatched
vulnerability and 79% of respondents said they thought unknown
security vulnerabilities posed a serious threat to their organisation.
“We are all vulnerable and we all suffer the consequences. Let’s help
each other out. There is a huge community of trustworthy people
who are naturally talented at finding unpatched and unknown
security vulnerabilities. The best way to prevent getting hacked is to
try to get hacked by people you trust. Together, we can build a safer
Internet,” said Mercer.
Companies are globally increasing their trust in ethical hackers to
help secure their websites, applications and hardware. HackerOne
has also recently announced its Top 20 Bounty Programs that hackers
work on to find vulnerabilities.
Based on HackerOne’s 1,400 customer programs, this list was
curated using public details available in the HackerOne directory
of programs, with rankings based on the total amount of each
organisation’s cumulative bounties awarded to hackers over the life
of their program.
It also includes accolades for those programs that placed in the top
five for fastest response time, fastest time to bounties paid, most
hackers thanked, most vulnerability reports resolved and more.
Hackers are attracted to programs that are responsive, pay well and
pay quickly.
INTELLIGENTCIO
www.intelligentcio.com