Security News

HackerOne and SecurityScorecard announced an integrated solution that uses hacker-powered security signals and data as a leading indicator for evaluating corporate and supply chain cyber risk. By seamlessly integrating the HackerOne API into the SecurityScorecard platform, users will now be able to showcase their bug bounty and vulnerability disclosure efforts in their scorecards and gain visibility into how their suppliers and partners are deploying these programs within their own environments.

Inhibitor181 is the first bug bounty hunter to earn more than $2,000,000 in bounty awards through the vulnerability coordination and bug bounty program HackerOne. HackerOne says that, so far, only 9 bug bounty hunters have earned $1 million on the platform, with Jon Colston being the ninth hacker to reach this goal after reporting over 170 vulnerabilities in government and enterprise organizations.

HackerOne announced that it is making its debut in AWS Marketplace. Amazon Web Services customers can now find and purchase services from HackerOne in AWS Marketplace, a curated digital catalog of software, data, and services that run on AWS. HackerOne is one of the first comprehensive security solutions providers to quote and contract services in AWS Marketplace.

In a report published this week, HackerOne reveals that XSS flaws accounted for 18% of all reported issues, and that the bounties companies paid for these bugs went up 26% from last year, reaching $4.2 million. The second most awarded vulnerability type in 2020, HackerOne says, is Improper Access Control, which saw a 134% increase in occurrence compared to 2019, with a total of $4 million paid by companies in bug bounty rewards.

HackerOne introduced a set of strategic integrations and partnerships that make it easy to integrate HackerOne data with existing security and development workflows. Announced at the fourth annual Security conference, the integrations seek to ensure the HackerOne platform fits into customers' existing security workflow with minimal friction, enabling them to identify, prioritize, and respond to threats in real time.

Bounty-hunting hackers are uncovering new vulnerabilities every two minutes on average, according to bug bounty platform HackerOne. "Mickos rejected the idea that ethical hackers deprived of a legitimate bug bounty market would instead sell newly discovered vulnerabilities to black hats for exploitation, saying:"If we didn't organise this program, the vulnerabilities would not be sold to criminals.

Hacker-powered bug hunting platform HackerOne on Tuesday announced that it paid more than $44.75 million in bounty rewards over the past 12 months, with the total payouts to date surpassing $107 million. Signups went up 59% as result of the global coronavirus crisis, while the number of submitted bug reports went up 28%. In the months immediately following the start of the COVID-19 pandemic, organizations paid 29% more bounties, with the total paid in bounties going up 87% compared to last year.

HackerOne on Monday released a list of the companies that have paid out the most money through their bug bounty programs. According to HackerOne, Verizon has paid out more than $9.4 million since the launch of its program in February 2014, with a top bounty of $70,000 and an average first response time of 8 hours.

Sony this week announced the launch of a public PlayStation bug bounty program in partnership with hacker-sourced vulnerability hunting platform HackerOne. Previously, the company ran a private bug bounty with some researchers only, but says that it has come to realize that the research community plays an important role in improving security, and that the newly launched program builds on that realization.

HackerOne announced the expansion of its penetration testing solution in Europe. This latest product from HackerOne compliments its existing offerings dedicated to helping organizations find and fix vulnerabilities before they can be exploited.