CIO Influence
CIO Influence News Security

Organizations Can Reduce Business Risk From Exploits and Improve Vulnerability Monitoring With HackerOne Platform Enhancements

Organizations Can Reduce Business Risk From Exploits and Improve Vulnerability Monitoring With HackerOne Platform Enhancements

HackerOne, the world’s most trusted hacker-powered security platform, announced new product features for customers and hackers in conjunction with its annual Security@ conference. HackerOne has expanded its security intelligence services by creating a HackerOne Global Top 10 vulnerability rating table to complement OWASP’s Top 10. The HackerOne Top 10 is based on real-world vulnerabilities found by our global hacker community. The new Intelligence features will also provide insight into exploited vulnerabilities with its CVE Exploitation Index. For hackers, HackerOne launched the first-ever hacker API in July and has now added bounty table ranges and a bounty calculator to increase transparency. Finally, there have been a number of updates to improve the security workflow for large global enterprises, including improved access management, control, and improved connectivity with external applications.

“Streamlining vulnerability management programs for customers of all sizes has been a key focus for HackerOne since we were founded,” said Rand Wacker, SVP of Product at HackerOne. “We want hackers to be able to prioritize bug hunting and our customers to gain sophisticated intelligence that, combined, will make a real difference to their security strategies. With these updates, we’re looking forward to seeing how customers use the valuable data provided by our hackers to inform overall security programs within their organizations.”

Recommended ITech News: Rajant Announces New LTE BreadCrumb Plus Personnel and Asset Tracking “MeshTracer” Software at MINExpo

Security Intelligence

The Open Web Application Security Project (OWASP) Top 10 is broadly used as a guideline to understand where a security team should prioritize its vulnerability management efforts. The OWASP 2021 Top 10 introduced three new categories: Insecure Design, Software and Data Integrity Failures, and a group for Server-Side Request Forgery (SSRF) attacks. HackerOne not only contributed data, but its ongoing collaboration and partnership also influenced the content. The new HackerOne Global Top 10 goes a step further with more regular updates and providing industry specific data. HackerOne leverages its unique dataset to give customers even greater insight into the most impactful weaknesses from a hacker perspective, based on what is being discovered and rewarded for on the platform that would otherwise not have surfaced in the OWASP Top 10. The HackerOne Global Top 10 will also be incorporated into HackerOne Assessment scopes as a standard to go beyond a typical pentest check against the OWASP Top 10.

HackerOne’s CVE Exploitation Index takes intelligence a step further. Whereas a scanner only provides information based on a set algorithm or analyst’s estimates, this feature provides a view of which CVEs are most exploitable, based on real-world data from the HackerOne platform. The data represents which CVEs are being discovered most by hackers. Customers can use the index in conjunction with CISA’s list of the top 30 most exploited CVEs to patch the CVEs that put organizations most at risk.

These new vulnerability intelligence capabilities are expected to be available in the HackerOne platform by the end of this year.

Hacker Efficiency

Increasing efficiency in hacker workflows and payment transparency allows hackers to focus their time on finding vulnerabilities and integrating with existing customer development workflows.

The new bounty table ranges and bounty calculator provide a means for customers to set bounty ranges, bringing consistency to the way bounties are awarded. This creates more transparency for hackers, increasing trust between organizations and hackers, resulting in improved hacker motivation.

The Hacker API allows hackers to spend more time on finding vulnerabilities. The API automates a hacker’s workflow by giving them immediate access to program information, provides access to view all vulnerabilities and see report updates, and gives them a way to monitor their earnings and payouts for tax reporting.

Recommended ITech News: Severn Trent Turns To IGEL OS For An Easy To Manage And Secure End-user Computing Solution

Security Workflows

HackerOne’s security workflows centralize access management, control, and connectivity to external applications in the HackerOne Platform. The new updates include:

  • Organized Homepage Access – Gain a unified view and easy access to different program sections, such as the security page, settings, reports, and inbox prioritization to see the most important reports first.
  • Centralized User Management – Add users to the organizational view of your HackerOne experience and centrally manage their access to multiple programs and reports.
  • Enhanced Navigation – Access a report’s sidebar for the visibility to report and relay information while maintaining easy access to the metadata needed to support security actions. Enable for users the flexibility to interact with the HackerOne platform while untethered from workstations via mobile optimization.
  • Improved Jira Integration – Obtain connectivity to any number of Jira instances allowing configurable support for different teams and projects, eliminating the need for manual workarounds.

Recommended ITech News: USU recognized in 2021 Gartner Magic Quadrant for IT Service Management Tools

Related posts

Sonata Software Bolsters Adoption of Generative AI Solutions With AWS

PR Newswire

Security Innovation Releases Ultra-Realistic Cloud Cyber Range to Up Level Security Skills

Brazilian Firms Act on Digital Transformation Plans in Response to Pandemic Disruptions

CIO Influence News Desk

Leave a Comment