Tag Archive for: HackerOne

HackerOne encourages customers to adopt standard policy to protect hackers from legal problems


‘Short, broad, easily-understood safe harbor statement’ offered

Bug bounty platform HackerOne has overhauled its policy guidelines to enhance legal protections for ethical hackers acting in good faith

HackerOne has revamped its policy guidelines to offer better protection from legal problems for ethical hackers acting in good faith.

The Gold Standard Safe Harbor (GSSH), which customers who run bug bounty programs through HackerOne are asked to agree to, offers a “short, broad, easily-understood safe harbor statement that’s simple for customers to adopt”.

Both vulnerability disclosure programs and bug bounty programs routinely include safe harbor agreements that explain the legal protections that hackers can expect. These agreements can vary, but by asking its customers to agree to a standard policy, HackerOne is aiming to reduce the bureaucratic overhead for ethical hackers.

‘Reduces the burden’

“While many programs already include safe harbor in their policies, the GSSH is a short, broad, easily-understood safe harbor statement that’s simple for customers to adopt,” according to the crowdsourced security platform. “This standardization also reduces the burden on hackers for parsing numerous different program statements.”

Gold Standard Safe Harbor launched on Wednesday, November 16. Organizations committing to the GSSH will replace their existing safe harbor statement with the GSSH on their program page, which will be marked with a digital badge. Hackers will be able to filter searches for programs based on participation in the GSSH scheme.

KAYAK, GitLab Inc, and Yahoo are among the first customers to opt for the GSSH’s standardized language. The GSSH is available for adoption by HackerOne customers worldwide even though its language most closely aligns with recent US government cybersecurity policy updates, The Daily Swig understands.


Preliminary findings from HackerOne’s upcoming Hacker Report appear to vindicate efforts to strengthen legal safeguards for hackers.

The report will reveal that more than half of hackers have not reported a vulnerability they have discovered, with 12% ascribing their decision not to disclose to threatening legal language being used by the organization whose code contained the…


Newly Introduced HackerOne Assets Goes Beyond Attack Surface Management To Close Security Gaps


SAN FRANCISCO, October 13, 2022: HackerOne, the leader in Attack Resistance Management, today announced the general availability of its HackerOne Assets product. Assets combines the core capabilities of Attack Surface Management (ASM) with the expertise and reconnaissance skills of ethical hackers to bring visibility, tracking, and risk prioritization to an organization’s digital asset landscape. Research from ESG revealed that 69% of organizations have experienced a cyberattack through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset. Assets forms a key part of HackerOne’s Attack Resistance Management portfolio, which aims to discover unknown assets and vulnerabilities and close organizations’ security gaps.

With Assets, customers can manage both the discovery and testing of assets in a single platform. The solution blends security expertise with asset discovery, continuous assessment, and process improvements to reduce risk. HackerOne’s community of ethical hackers enriches the asset and scan data and analyzes it themselves, ensuring that newly found assets are tested for risk and mapped according to their metadata. Once the assets have been identified and ranked for risk, security teams can use these insights to initiate pentests on newly discovered assets and add assets to their bug bounty scope.

“HackerOne Assets solves for the inefficiencies in traditional ASM scanning,” explained Ashish Warty, SVP of Engineering at HackerOne. “It’s impossible for security teams to see their entire attack surface, while cloud transformation, agile product cycles, and mergers and acquisitions keep the threat landscape growing. By combining attack surface management with the creative power of the ethical hacking community, Assets reduces manual work, increases the accuracy of scanning results, and speeds up time to remediation by prioritizing based on real world risk.”

“Having in-depth visibility of our attack surface is a core part of our security strategy,” said Roy Davis, Lead Security Engineer at Zoom. “With HackerOne Assets and the insights it brings from the hacking community, our security team has been able to effectively prioritize those…


HackerOne Acquires Code Security Tester PullRequest


HackerOne, the world’s most trusted provider of ethical hacking solutions, announced its acquisition of PullRequest, the pioneer of code-review-as-a-service.

PullRequest’s technology and code reviewers will enable developer-first security testing solutions. These changes will ultimately help customers release trustworthy software faster by embedding expert security reviewers within their software development lifecycles (SDLCs).

Security remains a notorious blocker to innovation as organizations race to remain competitive in an increasingly digital world. Nearly half of developers feel more responsibility for security as their organizations prioritize security earlier in the SDLC. Code-review-as-a-service enables developers to identify issues faster with direct real-time feedback to make better code changes so high-quality, secure code ships to production.

PullRequest is trusted by thousands of organizations, from small startups to internet giants and government organizations. PullRequest offers code review to its customers via its reviewer community of senior-level developers, with expertise spanning platforms, from web to mobile, and all common coding languages and frameworks including React, Python, and Node. All reviewers are extensively background checked, evaluated for aptitude, and hold years of experience as software engineers at leading technology companies in Silicon Valley.

Alex Rice, HackerOne Co-founder and CTO:
“Developer-first is the future of application and cloud security. Over 70% of organizations claim to integrate aspects of security earlier in development to minimize their attack resistance gap, yet less than 25% of security issues are found during development. We’re bringing feedback from security experts to the developer workflow so they can quickly fix bugs and get back to building.”

Lyal Avery, CEO and founder of PullRequest:
“We founded PullRequest to help developers produce high-quality code, and quality is inseparable from security and privacy. Together, HackerOne and PullRequest will expand our now united mission to better serve all those working to build a safer internet for everyone.”


LAPSUS$ Hacker Group Arrests; Okta Breached – ThreatWire