What is your cybersecurity need?
Protect your evolving assets.
Scale app security across the SDLC.
Build your brand and protect your customers.
Meet compliance requirements and more.
Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
Test your organization's security preparedness with HackerOne Assessment.
Establish a compliant vulnerability assessment process.
The first step in receiving and acting on vulnerabilities discovered by third-parties.
Continuous testing to secure applications that power organizations.
Highly vetted, specialized researchers with best-in-class VPN.
Enhance your hacker-powered security program with our Advisory and Triage Services.
Home > Blog > response
Like many organizations, AlienVault had set up a vulnerability disclosure policy for any bugs found on their website. If someone found a vulnerability, all they had to do was send an email to their security team.
AlienVault quickly found that this was inefficient.
To celebrate five years with HackerOne, we sat down with Adobe’s Senior Security Program Manager Pieter Ockers to discuss how their program has evolved over the last five years and the role that hacker-powered security, both bug bounties and response programs, plays into their overall security strategy.
HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third-parties to resolve critical security vulnerabilities before they can be exploited.
This article will answer the simple question of what a vulnerability disclosure policy is, what’s included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.
HackerOne is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system for only the valid reports.
The attention being given to vulnerability disclosure policies (VDP) in the past year has increased dramatically. It might be the latest high-profile breach that sparks a comment, but more and more, it’s the attitude that VDPs aren’t just nice-to-haves, they’re critical tools for every cyber security team.
The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute (SEI) recently released The CERT Guide to Coordinated Vulnerability Disclosure. It is an amazingly detailed, clever, and complete guide to explaining the need for coordinated vulnerability disclosure (CVD). We've done our best to give you the cliff notes and even included some additional helpful resources at the end.
Vulnerabilities are found every day by security researchers, friendly hackers, customers, academics, journalists, and tech hobbyists. Because no system is entirely free of security issues, it's important to provide an obvious way for external parties to report vulnerabilities.
To learn more about how legal teams and federal enforcers view hacker-powered security, we asked Megan Brown, partner, and Matthew Gardner, attorney, from the Privacy & Cybersecurity Practice at Wiley Rein LLP, a Washington, DC-based firm to present at our webinar, Invitation to Hack: Vulnerability Disclosure Programs.
The Department of Defense announced plans to expand upon the successful "Hack the Pentagon" bug bounty pilot launched earlier this year with HackerOne and Synack.