Tech brands sign on to HackerOne responsible security drive


Technology brands including GitLab, Starling Bank, TikTok and Wix have signed on to support a new corporate security responsibility pledge drive initiated by penetration testing and bug bounty specialist HackerOne.

The aim of the pledge is to encourage an industry-wide call to action for more transparency and a positive culture around cyber security best practice, as well as ultimately to build a safer internet for all. It focuses on four key areas:

  • Encouraging transparency to share cyber intelligence and build trust.
  • Fostering a culture of collaboration that makes the tools needed to reduce risk in the hands of everybody.
  • Promoting innovation by inspiring developers to work with security in mind.
  • Holding pledges and their suppliers accountable to following best practice to develop security as a point of differentiation.

Starling Bank’s head of cyber security, Mark Rampton, said: “At Starling, we assume that everything has the potential to be vulnerable, and believe that hyper-vigilance is the best way to stay ahead of threats.

“Security isn’t something we can do in isolation. We work with every member of our staff – and the wider security community, including HackerOne – to ensure we continually fulfil our mission of keeping customer funds and data protected.”

TikTok’s global chief security officer, Roland Cloutier, added: “Transparency is core to TikTok’s business and brand. We deliver transparency on everything from content moderation to our bug bounty programme, so our users are free to innovate and fulfil our mission of inspiring creativity, and bringing joy.

“We know the best way to keep our global TikTok community safe and secure is by inviting the disclosure of potential vulnerabilities, so we can quickly eliminate them.”

HackerOne’s pledge drive comes off the back of a new research report, The corporate security trap: shifting security culture from secrecy to transparency, which found that 64% of organisations maintain a culture of “security through obscurity” and 38% are opaque about how they “do” security.

A majority of security professionals also tended to feel they struggled to build a positive security culture within…

Source…