Like many organizations, AlienVault had set up a vulnerability disclosure policy for any bugs found on their website. If someone found a vulnerability, all they had to do was send an email to their security team.
AlienVault quickly found that this was inefficient.
"Initially, for the AlienVault website, we had a simple web page to explain how to report vulnerabilities found on our website via email. This was great, but it created a new set of issues of having to manually manage these reports via a spreadsheet." - Andrew Lowe
Enter HackerOne Response, which is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system for only the valid reports.
"With HackerOne and their triage services we now have a sturdy database with ticketing capabilities. Here at AlienVault we’ve also taken advantage of their 3rd-party ticketing system integration, so once the triage team deems a ticket both a valid vulnerability and not a duplicate, we create a ticket directly in our ticketing system with all pertinent information. Bi-directional communications go through our ticketing system, ensuring nothing is lost or accidentally forgotten." - Andrew Lowe
Now, by leaning on HackerOne, AlienVault has reduced their 5-day response time to just a day or two. Extrapolate that over a number of bugs and AlienVault is saving a lot of resource time.
AlienVault joins many organizations who’ve seen similar success including Adobe, Airbnb, General Motors, and the Department of Defense.
Read all about their path to HackerOne Response and their great results on their own blog post.
PS - If you want to read more on what should be included in your vulnerability disclosure policy, download our free guide: Vulnerability Disclosure Policy Basics