alice@hackerone.com

Customers Can Leverage Scan Data from Multiple Vendors to Strengthen Pentesting and Bounty Efforts

SAN FRANCISCO, June 2, 2022 - HackerOne, the leader in Attack Resistance Management, today announced OpenASM, an initiative that combines scan data from customers’ attack surface management (ASM) tools with security testing efforts. Attack surface scans can be used to better set scopes for bug bounties, penetration tests, and vulnerability disclosure programs. In addition, ethical hackers can enrich, risk rank, and prioritize assets, helping organizations reduce risk more effectively.

At the core of the initiative is HackerOne Assets, itself an ASM product integrated into the HackerOne Platform. Scan data from many ASM products can be imported into the asset database at the core of the HackerOne Platform. OpenASM will initially support AssetNote, Darktrace (Cybersprint), Hadrian, Palo Alto Cortex Xpanse, and Project Discovery. OpenASM will also support CSV and JSON import for customers with homegrown attack surface inventory tools. Additionally, HackerOne is working with its partner, SecurityScorecard, on how to deal with the extended supply chain attack surface.

Behind this initiative is research from HackerOne on the existence of an attack resistance gap between what organizations can protect and what they need to protect. One-third of organizations said they monitor less than 75% of their attack surface, and almost 20% believe that over half of their attack surface is unknown or not observable. OpenASM reduces the likelihood of missing critical issues by eliminating the need for manual or outmoded asset inventory and by automating the definition of testing scope.

“OpenASM increases the value of customers’ established ASM tools,” explained Ashish Warty, SVP of Engineering at HackerOne. “Our customers often use more than one ASM vendor and need to unify the data from those vendors to expand the scope for penetration tests, security assessments, and bug bounties. Ethical hackers can then enrich and triage the attack surface data, freeing up internal resources and giving organizations a better picture of their risk.”

“We look forward to furthering our collaboration with HackerOne to help organizations understand their extended attack surface,” said Alex Rich, VP of Alliances at SecurityScorecard. “Our recently-launched Attack Surface Intelligence (ASI) module helps security teams leverage SecurityScorecard's rich data lake to visualize their attack surface, including third-party vendors, and prioritize their most critical vulnerabilities.”

“OpenASM is another way HackerOne shows its commitment to building an innovative and synergetic security ecosystem,” said Rogier Fischer, CEO of Hadrian. “It is an amazing opportunity to provide the best value to our shared customers. Combining the expertise of millions of security experts with Hadrian's automation platform and large datasets gives the customer more, and higher quality, insights into their security posture.”

OpenASM will also be a feature of HackerOne’s new Assets product that will be available later this year. Vendors who wish to integrate with HackerOne Assets and be part of the OpenASM initiative can find out more by visiting Booth #6279 at the RSA conference, where they can get a demo or have a meeting with one of HackerOne’s experts.
 

ABOUT HACKERONE

HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo. In 2021, HackerOne was named as a ‘brand that matters’ by Fast Company.

Any unreleased services, features, functionality, or enhancements referenced in this or other statements are not currently available, are subject to change at HackerOne’s discretion, and may not be delivered as planned or at all. Customers who purchase HackerOne products and services should make their purchase decisions based on services, features, and functions that are currently available.