HackerOne and SecurityScorecard create new security platform

Hacker-powered security platform, HackerOne and SecurityScorecard, a global leader in cybersecurity ratings have created a new integrated solution for evaluating cyber risks. With this integration, SecurityScorecard users will gain visibility into relevant security issues and ‘hacker activity’ for vendor Scorecards before they can be exploited and receive actionable Insights in a single pane of glass. 

By seamlessly integrating the HackerOne API into the SecurityScorecard platform, users will now be able to showcase their bug bounty and vulnerability disclosure efforts in their scorecards and gain visibility into how their suppliers and partners are deploying these programmes within their own environments. Insights added, including vulnerabilities resolved, median time to remediation and resolution, and more, will demonstrate how these programmes can resolve risk and harden attack surfaces.

HackerOne takes an adversarial approach to security testing, connecting enterprises with ethical hackers to identify and safely report vulnerabilities before they can be exploited. This complements SecurityScorecard's outside-in approach to evaluating an organisation’s security posture. The company’s proprietary technology continuously monitors 10 risk factor groups to deliver an A-F rating and empower organisations to improve their own security posture and assess the risk of vendors. 

“Incorporating this combined signal shows a true 360 degree posture, and rewards companies for the efforts they take proactively to have security researchers find vulnerabilities on their sites,” says Aleksandr Yampolskiy, CEO at SecurityScorecard. “We are excited to partner with HackerOne and are confident organisations and insurers will be enabled to better pinpoint risks with this comprehensive data"

SecurityScorecard customers will be able to opt-in in order to take advantage of the integration, and can use the information to better understand the strength of any organisation's security programme.  A “Hacker Report” informational signal will appear on a Scorecard for companies with an active public security or bug bounty programme when a hacker report is published.

The presence of a HackerOne programme will be reflected as a positive signal within SecurityScorecard's Patching Cadence Factor.

“Today, organisations across all industries are leveraging hacker-powered security programmes to discover and shore up their true attack surfaces,” says Alex Rice, Co-founder and Chief Technology Officer at HackerOne.

“With the expertise of the global hacker community continuously evaluating full security posture, teams will gain a powerful level of insight into the real world risks facing you and your partners. This best practice is now a crucial step toward a proactive security posture that confidently supports today's rapidly evolving business needs."

Hacker One works with a host of Fortune 500 and Forbes Global 1,000 companies to test and secure the applications they depend on to run their business. Its clients include Starbucks, Paypal, Nintendo, Spotify and Toyota.