Organizations Can Reduce Business Risk From Exploits and Improve Vulnerability Monitoring With HackerOne Platform Enhancements

HackerOne, the world’s most trusted hacker-powered security platform, today announced new product features for customers and hackers in conjunction with its annual Security@ conference. HackerOne has expanded its security intelligence services by creating a HackerOne Global Top 10 vulnerability rating table to complement OWASP’s Top 10. The HackerOne Top 10 is based on real-world vulnerabilities found by our global hacker community. The new Intelligence features will also provide insight into exploited vulnerabilities with its CVE Exploitation Index. For hackers, HackerOne launched the first-ever hacker API in July and has now added bounty table ranges and a bounty calculator to increase transparency. Finally, there have been a number of updates to improve the security workflow for large global enterprises, including improved access management, control, and improved connectivity with external applications.

Marketing Technology News: MarTech Interview with Eddie Porrello, Director of Product at Amber Engine

“Streamlining vulnerability management programs for customers of all sizes has been a key focus for HackerOne since we were founded”

“Streamlining vulnerability management programs for customers of all sizes has been a key focus for HackerOne since we were founded,” said Rand Wacker, SVP of Product at HackerOne. “We want hackers to be able to prioritize bug hunting and our customers to gain sophisticated intelligence that, combined, will make a real difference to their security strategies. With these updates, we’re looking forward to seeing how customers use the valuable data provided by our hackers to inform overall security programs within their organizations.”

Security Intelligence

The Open Web Application Security Project (OWASP) Top 10 is broadly used as a guideline to understand where a security team should prioritize its vulnerability management efforts. The OWASP 2021 Top 10 introduced three new categories: Insecure Design, Software and Data Integrity Failures, and a group for Server-Side Request Forgery (SSRF) attacks. HackerOne not only contributed data, but its ongoing collaboration and partnership also influenced the content. The new HackerOne Global Top 10 goes a step further with more regular updates and providing industry specific data. HackerOne leverages its unique dataset to give customers even greater insight into the most impactful weaknesses from a hacker perspective, based on what is being discovered and rewarded for on the platform that would otherwise not have surfaced in the OWASP Top 10. The HackerOne Global Top 10 will also be incorporated into HackerOne Assessment scopes as a standard to go beyond a typical pentest check against the OWASP Top 10.

HackerOne’s CVE Exploitation Index takes intelligence a step further. Whereas a scanner only provides information based on a set algorithm or analyst’s estimates, this feature provides a view of which CVEs are most exploitable, based on real-world data from the HackerOne platform. The data represents which CVEs are being discovered most by hackers. Customers can use the index in conjunction with CISA’s list of the top 30 most exploited CVEs to patch the CVEs that put organizations most at risk.

These new vulnerability intelligence capabilities are expected to be available in the HackerOne platform by the end of this year.

Hacker Efficiency

Increasing efficiency in hacker workflows and payment transparency allows hackers to focus their time on finding vulnerabilities and integrating with existing customer development workflows.

The new bounty table ranges and bounty calculator provide a means for customers to set bounty ranges, bringing consistency to the way bounties are awarded. This creates more transparency for hackers, increasing trust between organizations and hackers, resulting in improved hacker motivation.

The Hacker API allows hackers to spend more time on finding vulnerabilities. The API automates a hacker’s workflow by giving them immediate access to program information, provides access to view all vulnerabilities and see report updates, and gives them a way to monitor their earnings and payouts for tax reporting.

Marketing Technology News: Dubber Acquires World Class AI Technology Company Notiv