Le Lézard
Classified in: Science and technology
Subjects: Conference, Product/Service

Organizations Can Reduce Business Risk From Exploits and Improve Vulnerability Monitoring With HackerOne Platform Enhancements


HackerOne, the world's most trusted hacker-powered security platform, today announced new product features for customers and hackers in conjunction with its annual Security@ conference. HackerOne has expanded its security intelligence services by creating a HackerOne Global Top 10 vulnerability rating table to complement OWASP's Top 10. The HackerOne Top 10 is based on real-world vulnerabilities found by our global hacker community. The new Intelligence features will also provide insight into exploited vulnerabilities with its CVE Exploitation Index. For hackers, HackerOne launched the first-ever hacker API in July and has now added bounty table ranges and a bounty calculator to increase transparency. Finally, there have been a number of updates to improve the security workflow for large global enterprises, including improved access management, control, and improved connectivity with external applications.

"Streamlining vulnerability management programs for customers of all sizes has been a key focus for HackerOne since we were founded," said Rand Wacker, SVP of Product at HackerOne. "We want hackers to be able to prioritize bug hunting and our customers to gain sophisticated intelligence that, combined, will make a real difference to their security strategies. With these updates, we're looking forward to seeing how customers use the valuable data provided by our hackers to inform overall security programs within their organizations."

Security Intelligence

The Open Web Application Security Project (OWASP) Top 10 is broadly used as a guideline to understand where a security team should prioritize its vulnerability management efforts. The OWASP 2021 Top 10 introduced three new categories: Insecure Design, Software and Data Integrity Failures, and a group for Server-Side Request Forgery (SSRF) attacks. HackerOne not only contributed data, but its ongoing collaboration and partnership also influenced the content. The new HackerOne Global Top 10 goes a step further with more regular updates and industry-specific data. HackerOne leverages its unique dataset to give customers even greater insight into the most impactful weaknesses from a hacker perspective, based on what is being discovered and rewarded on the platform and would otherwise not have surfaced in the OWASP Top 10. The HackerOne Global Top 10 will also be incorporated into HackerOne Assessment scopes as a standard to go beyond a typical pentest check against the OWASP Top 10.

HackerOne's CVE Exploitation Index takes intelligence a step further. Whereas a scanner only provides information based on a set algorithm or analyst's estimates, this feature provides a view of which CVEs are most exploitable, based on real-world data from the HackerOne platform. The data represents which CVEs are being discovered most by hackers. Customers can use the index in conjunction with CISA's list of the top 30 most exploited CVEs to patch the CVEs that put organizations most at risk.

These new vulnerability intelligence capabilities are expected to be available in the HackerOne platform by the end of this year.

Hacker Efficiency

Increasing efficiency in hacker workflows and payment transparency allows hackers to focus their time on finding vulnerabilities and integrating with existing customer development workflows.

The new bounty table ranges and bounty calculator provide a means for customers to set bounty ranges, bringing consistency to the way bounties are awarded. This creates more transparency for hackers, increasing trust between organizations and hackers, resulting in improved hacker motivation.

The Hacker API allows hackers to spend more time on finding vulnerabilities. The API automates a hacker's workflow by giving them immediate access to program information, provides access to view all vulnerabilities and see report updates, and gives them a way to monitor their earnings and payouts for tax reporting.

Security Workflows

HackerOne's security workflows centralize access management, control, and connectivity to external applications in the HackerOne Platform. The new updates include:

HackerOne has strengthened cloud security this quarter by expanding capabilities for Amazon Web Services (AWS) customers, and cloud security will be a key focus at this year's Security@ conference.

To find out more about how these product updates will benefit your organization and how you can get started, join this year's annual Security@ conference tomorrow for product sessions on supporting cloud migrations, using data to strengthen your security response program, and using integrations to add value to existing systems. Register now: https://www.hackerone.com/security-at

About HackerOne

HackerOne empowers the world to build a safer internet. As the world's most trusted hacker-powered security platform, HackerOne gives organizations access to the largest community of hackers on the planet. Armed with the largest database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across all industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. HackerOne was ranked fifth on the Fast Company World's Most Innovative Companies list for 2020.

Safe Harbor Statement

This press release contains forward-looking statements including, among other things, statements regarding the benefits of HackerOne's offerings. These forward-looking statements are subject to risks, uncertainties, and assumptions which could cause actual results to differ from those projected. The development, release, and timing of any features or functionality described for our products remains at HackerOne's sole discretion. Any purchasing decisions should be based upon features and functionality that are currently available.





News published on 20 September 2021 at 09:10 and distributed by: