Tag Archive for: HackerOne

Tech brands sign on to HackerOne responsible security drive


Technology brands including GitLab, Starling Bank, TikTok and Wix have signed on to support a new corporate security responsibility pledge drive initiated by penetration testing and bug bounty specialist HackerOne.

The aim of the pledge is to encourage an industry-wide call to action for more transparency and a positive culture around cyber security best practice, as well as ultimately to build a safer internet for all. It focuses on four key areas:

  • Encouraging transparency to share cyber intelligence and build trust.
  • Fostering a culture of collaboration that puts the tools needed to reduce risk in the hands of everybody.
  • Promoting innovation by inspiring developers to work with security in mind.
  • Holding pledge signatories and their suppliers accountable for following best practice, so that security becomes a point of differentiation.

Starling Bank’s head of cyber security, Mark Rampton, said: “At Starling, we assume that everything has the potential to be vulnerable, and believe that hyper-vigilance is the best way to stay ahead of threats.

“Security isn’t something we can do in isolation. We work with every member of our staff – and the wider security community, including HackerOne – to ensure we continually fulfil our mission of keeping customer funds and data protected.”

TikTok’s global chief security officer, Roland Cloutier, added: “Transparency is core to TikTok’s business and brand. We deliver transparency on everything from content moderation to our bug bounty programme, so our users are free to innovate and fulfil our mission of inspiring creativity, and bringing joy.

“We know the best way to keep our global TikTok community safe and secure is by inviting the disclosure of potential vulnerabilities, so we can quickly eliminate them.”

HackerOne’s pledge drive comes off the back of a new research report, The corporate security trap: shifting security culture from secrecy to transparency, which found that 64% of organisations maintain a culture of “security through obscurity” and 38% are opaque about how they “do” security.

A majority of security professionals also tended to feel they struggled to build a positive security culture within…

Source…

HackerOne Appoints Chris Evans as Chief Information Security Officer


Founder of Google Project Zero, and head of Tesla and Dropbox security, will also hold the title of Chief Hacking Officer

SAN FRANCISCO, December 08, 2021–(BUSINESS WIRE)–HackerOne, the world’s most trusted hacker-powered security platform, today announced the appointment of its Chief Information Security Officer (CISO). A pillar of the security industry, Chris Evans, will also hold the newly created role of Chief Hacking Officer. The Chief Hacking Officer role will give hackers an additional seat at the table at HackerOne, with Chris collaborating with the community to deliver their point of view in executive level discussions. The role will also advise and support organizations with best practices for partnering with the community and be responsible for developing the next generation of hackers.

“All software has security vulnerabilities,” explained Chris. “The only way to outpace the cybercriminals is to enlist the help of external security researchers. Across every industry, we’re seeing the most innovative companies and CISOs embrace ethical hackers to reduce risk. I look forward to working with the best hackers in the world and supporting them in helping companies and governments increase their resistance to attacks.”

Chris has been instrumental in developing cybersecurity best practices and essential initiatives, including founding the Google Chrome security team and Google Project Zero security research team. Google Project Zero was founded on the basis of collaboration and transparency with the aim of finding zero day vulnerabilities in all software, not only Google owned products. Chris has also since held the top security position at Dropbox and Tesla.

“There are few people in our industry who have done as much to advance cybersecurity through ethical hacking as Chris Evans and we are honored to welcome him at HackerOne,” said Marten Mickos, CEO of HackerOne. “The best CISOs in the world understand hacking, and in his dual role, Chris will represent the community on our executive team and develop security best practices both internally and for our customers.”

Chris will also support HackerOne’s expansion of its security intelligence solutions, which…

Source…

HackerOne Extends Internet Bug Bounty Program To Include Open Source Bugs



HackerOne has received sponsors from Facebook, TikTok, Shopify, and more for the extended Internet Bug Bounty (IBB) program scope.

Source…

SecurityScorecard taps HackerOne to bring bug bounty data to security ratings




HackerOne and SecurityScorecard have announced a platform integration that will showcase data from the ethical hacking community on a company’s digital scorecard.

SecurityScorecard, for the uninitiated, is a cybersecurity rating and risk-monitoring platform major companies such as Nokia, AXA, and Liberty Mutual use to monitor and assess security throughout their supply chain, including weaknesses in third-party vendors. It’s kind of like a credit score rating for security.

HackerOne, meanwhile, connects businesses with security researchers, or “white hat hackers,” who are financially incentivized to find software vulnerabilities before bad actors do. The HackerOne platform has powered bug bounty programs for major businesses, including Microsoft, Google, Intel, the U.S. Department of Defense, and Goldman Sachs. The San Francisco-based company recently touted major enterprise growth, with nearly half of its new sales stemming from businesses with over $1 billion in revenue.

Risk categories

SecurityScorecard uses 10 broad risk categories as part of its rating system, including endpoint security, network security, DNS health, and patching cadence. It also uses a risk category it calls “hacker chatter,” which automatically collects and analyzes conversations from popular public hacker community channels, such as private forums, social networks, and internet relay chat (IRC). It’s all about finding mentions of a business and its associated digital properties to assess whether any potential undisclosed exploits are being discussed.

This latest partnership with HackerOne builds on that basic concept, though it instead surfaces official bug bounty and vulnerability disclosure data gleaned from HackerOne’s API.

[Image: HackerOne score in SecurityScorecard]

For SecurityScorecard customers, a “hacker report” signal will appear on scorecards for companies that use HackerOne, though this is on an entirely opt-in basis.

Enterprises will be able to see recent security issues involving companies in their supply chain and take appropriate action — with the ability to download a CSV file…

Source…