HackerOne and SecurityScorecard announced an integrated solution that uses hacker-powered security signals and data as a leading indicator for evaluating corporate and supply chain cyber risk.
With this integration, SecurityScorecard users will gain visibility into relevant security issues and ‘hacker activity’ for vendor Scorecards before they can be exploited and receive actionable Insights in a single pane of glass.
By seamlessly integrating the HackerOne API into the SecurityScorecard platform, users will now be able to showcase their bug bounty and vulnerability disclosure efforts in their scorecards and gain visibility into how their suppliers and partners are deploying these programs within their own environments.
Insights added — including vulnerabilities resolved, median time to remediation and resolution, and more — will demonstrate how these programs can resolve risk and harden attack surfaces.
HackerOne takes an adversarial approach to security testing, connecting enterprises with ethical hackers to identify and safely report vulnerabilities before they can be exploited.
This complements SecurityScorecard’s outside-in approach to evaluating an organization’s security posture. The company’s proprietary technology continuously monitors 10 risk factor groups to deliver an A-F rating and empower organizations to improve their own security posture and assess the risk of vendors.
“Incorporating this combined signal shows a true 360 degree posture, and rewards companies for the efforts they take proactively to have security researchers find vulnerabilities on their sites,” said Aleksandr Yampolskiy, CEO at SecurityScorecard.
“We are excited to partner with HackerOne and are confident organizations and insurers will be enabled to better pinpoint risks with this comprehensive data.”
SecurityScorecard customers will be able to opt-in in order to take advantage of the integration, and can use the information to better understand the strength of any organization’s security program.
A “Hacker Report” informational signal will appear on a Scorecard for companies with an active public security or bug bounty program when a hacker report is published.
The presence of a HackerOne program will be reflected as a positive signal within SecurityScorecard’s Patching Cadence Factor.
“Today, organizations across all industries are leveraging hacker-powered security programs to discover and shore up their true attack surfaces,” said Alex Rice, Co-founder and Chief Technology Officer at HackerOne.
“With the expertise of the global hacker community continuously evaluating your full security posture, your teams will gain a powerful level of insight into the real world risks facing you and your partners. This best practice is now a crucial step toward a proactive security posture that confidently supports today’s rapidly evolving business needs.”