HackerOne, the most trusted hacker-powered security platform, and SecurityScorecard, a global leader in cybersecurity ratings, announced a first-of-its-kind integrated solution that uses hacker-powered security signals and data as a leading indicator for evaluating corporate and supply chain cyber risk. With this integration, SecurityScorecard users will gain visibility into relevant security issues and ‘hacker activity’ for vendor Scorecards before they can be exploited and receive actionable Insights in a single pane of glass.
By seamlessly integrating the HackerOne API into the SecurityScorecard platform, users will now be able to showcase their bug bounty and vulnerability disclosure efforts in their scorecards and gain visibility into how their suppliers and partners are deploying these programs within their own environments. Insights added — including vulnerabilities resolved, median time to remediation and resolution, and more — will demonstrate how these programs can resolve risk and harden attack surfaces.
HackerOne takes an adversarial approach to security testing, connecting enterprises with ethical hackers to identify and safely report vulnerabilities before they can be exploited. This complements SecurityScorecard's outside-in approach to evaluating an organization’s security posture. The company’s proprietary technology continuously monitors 10 risk factor groups to deliver an A-F rating and empower organizations to improve their own security posture and assess the risk of vendors.
“Incorporating this combined signal shows a true 360 degree posture, and rewards companies for the efforts they take proactively to have security researchers find vulnerabilities on their sites,” said Aleksandr Yampolskiy, CEO at SecurityScorecard. “We are excited to partner with HackerOne and are confident organizations and insurers will be enabled to better pinpoint risks with this comprehensive data."
SecurityScorecard customers will be able to opt-in in order to take advantage of the integration, and can use the information to better understand the strength of any organization's security program. A “Hacker Report” informational signal will appear on a Scorecard for companies with an active public security or bug bounty program when a hacker report is published.
The presence of a HackerOne program will be reflected as a positive signal within SecurityScorecard's Patching Cadence Factor.
“Today, organizations across all industries are leveraging hacker-powered security programs to discover and shore up their true attack surfaces,” said Alex Rice, Co-founder and Chief Technology Officer at HackerOne. “With the expertise of the global hacker community continuously evaluating your full security posture, your teams will gain a powerful level of insight into the real world risks facing you and your partners. This best practice is now a crucial step toward a proactive security posture that confidently supports today's rapidly evolving business needs."
On May 27 at 10:00 a.m. PT, Alex Rice, CTO and co-founder at HackerOne, and Mike Wilkes, CISO at SecurityScorecard, will host a hands-on educational workshop to explore how vulnerability disclosure programs, bug bounties and security rating services can work together to drive down cyber risk. Our expert speakers will share best practices for successful programs and the signals can help assess risk severity. Other topics include cyber ratings, how they work, and the use-cases they can support. Together, attendees will learn how these tools and programs can, collectively, help with third-party risk and cyber insurance. To attend, register here: https://www.hackerone.com/leading-indicators-for-the-leading-indicators
HackerOne empowers the world to build a safer internet. As the world’s most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the most robust database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020.
Funded by world-class investors including Silver Lake Partners, Sequoia Capital, GV, Riverwood Capital, and others, SecurityScorecard is the global leader in cybersecurity ratings with more than 5 million companies continuously rated. Founded in 2013 by security and risk experts, Dr. Aleksandr Yampolskiy and Sam Kassoumeh, SecurityScorecard’s patented rating technology is used by over 16,000 organizations for enterprise risk management, third-party risk management, board reporting, due diligence, and cyber insurance underwriting. SecurityScorecard continues to make the world a safer place by transforming the way companies understand, improve and communicate cybersecurity risk to their boards, employees, and vendors. Every company has the universal right to their trusted and transparent Instant SecurityScorecard rating. For more information, visit securityscorecard.com or connect with us on LinkedIn.
View source version on businesswire.com: https://www.businesswire.com/news/home/20210511005470/en/