Cybersecurity company Genians said on the 29th that, as a result of running its "security vulnerability reporting reward program" in the first half of this year, the number of vulnerability submissions rose about 129% from a year earlier. Rewards paid increased 1,046% in the same period.
The security vulnerability reporting reward program (hereafter bug bounty) is a system that pays rewards to white hat hackers who find security weaknesses in software or web services. Genians explained that "as the popularization of artificial intelligence (AI) technology coincides with the emergence of high-risk vulnerabilities, both the number of submissions and the rewards paid have increased."
As AI technology advances rapidly, white hat hackers have begun using AI to automate the discovery of security vulnerabilities.
With ultra-fast, large-scale, and increasingly sophisticated threats that abuse AI becoming commonplace, analysts say the existing information security system, which focuses on after-the-fact response, has reached a fundamental limit. Accordingly, Genians said that systems for reporting, remediating, and disclosing security vulnerabilities are becoming essential. Global tech companies including Google, Apple, and Amazon are also actively running bug bounty programs.
Genians joined as a co-operator of the new software vulnerability reporting reward program operated by the Korea Internet & Security Agency (KISA) and in 2022 implemented the domestic security industry's first standalone bug bounty program. In particular, it established an integrated security vulnerability management system by linking bug bounties with a vulnerability disclosure policy (VDP) and coordinated vulnerability disclosure (CVD), and since February this year it has expanded the bug bounty program to all products and services.
Kim Gye-yeon, Genians chief technology officer (CTO) and head of the U.S. subsidiary, said, "Going forward, we will further solidify our in-house bug bounty within a CVD-VDP framework that meets global standards to deliver reliable products to customers worldwide and lead the healthy development of the global security ecosystem."