HackerOne and SecurityScorecard create new security platform

The first-of-its-kind integrated solution uses hacker-powered security signals to evaluate corporate and supply chain cyber risk.

Hacker-powered security platform, HackerOne and SecurityScorecard, a global leader in cybersecurity ratings have created a new integrated solution for evaluating cyber risks. With this integration, SecurityScorecard users will gain visibility into relevant security issues and ‘hacker activity’ for vendor Scorecards before they can be exploited and receive actionable Insights in a single pane of glass. 

By seamlessly integrating the HackerOne API into the SecurityScorecard platform, users will now be able to showcase their bug bounty and vulnerability disclosure efforts in their scorecards and gain visibility into how their suppliers and partners are deploying these programmes within their own environments. Insights added, including vulnerabilities resolved, median time to remediation and resolution, and more, will demonstrate how these programmes can resolve risk and harden attack surfaces.

HackerOne takes an adversarial approach to security testing, connecting enterprises with ethical hackers to identify and safely report vulnerabilities before they can be exploited. This complements SecurityScorecard's outside-in approach to evaluating an organisation’s security posture. The company’s proprietary technology continuously monitors 10 risk factor groups to deliver an A-F rating and empower organisations to improve their own security posture and assess the risk of vendors. 

“Incorporating this combined signal shows a true 360 degree posture, and rewards companies for the efforts they take proactively to have security researchers find vulnerabilities on their sites,” says Aleksandr Yampolskiy, CEO at SecurityScorecard. “We are excited to partner with HackerOne and are confident organisations and insurers will be enabled to better pinpoint risks with this comprehensive data"

SecurityScorecard customers will be able to opt-in in order to take advantage of the integration, and can use the information to better understand the strength of any organisation's security programme.  A “Hacker Report” informational signal will appear on a Scorecard for companies with an active public security or bug bounty programme when a hacker report is published.

The presence of a HackerOne programme will be reflected as a positive signal within SecurityScorecard's Patching Cadence Factor.

“Today, organisations across all industries are leveraging hacker-powered security programmes to discover and shore up their true attack surfaces,” says Alex Rice, Co-founder and Chief Technology Officer at HackerOne.

“With the expertise of the global hacker community continuously evaluating full security posture, teams will gain a powerful level of insight into the real world risks facing you and your partners. This best practice is now a crucial step toward a proactive security posture that confidently supports today's rapidly evolving business needs."

Hacker One works with a host of Fortune 500 and Forbes Global 1,000 companies to test and secure the applications they depend on to run their business. Its clients include Starbucks, Paypal, Nintendo, Spotify and Toyota.


Featured Articles

Global events driving rise in DDoS attacks, says Netscout

Report by Netscout found that DDoS attacks grew 31% YoY in the first half of 2023 with a staggering 44,000 each day, fuelled by world events

UK police cyberattack a reminder of third party risk

Cyber criminals use back-door suppliers cyberattack to spread alarm through Britain's biggest police force

Building Cyber Resilience into ‘OT in Manufacturing’ webinar

Join Acronis' webinar, Building Cyber Resilience into ‘OT in Manufacturing’, 21st September 2023

Trustwave report on hospitality industry security threats

Cyber Security

Barracuda Managed XDR uses AI to uncover cyber incidents

Technology & AI

Imperva: 32% of work data breaches could have been avoided

Operational Security