New independent research shows businesses can save over $500,000 and 66 percent internal effort over three years by replacing traditional penetration testing with HackerOne Challenge for security and compliance
SAN FRANCISCO-- May 14, 2019 --HackerOne, the leading hacker-powered security platform, today announced the results of a commissioned study conducted by Forrester Consulting (Nasdaq: FORR) on behalf of HackerOne on its HackerOne Challenge offering for security and compliance. Through extensive customer interviews, the Forrester Total Economic Impact™ (TEI) Study reveals a savings of more than $500,000 and 66 percent internal effort with HackerOne Challenge over three years compared to traditional penetration testing offerings. The study also indicates that moving to HackerOne Challenge for security and compliance needs reduces the duration of penetration testing, increases customer satisfaction and retention and greatly improves application security, reducing the likelihood of a security incident.
"Customers are speaking in one voice through this Forrester study,” said Marten Mickos, CEO of HackerOne. “Hacker-powered pen tests give the best bang for the buck, and the underlying time, security, development and compliance benefits are even stronger. The power of a community of over 400,000 hackers is unsurpassed."
Among other benefits, the Forrester Consulting TEI Study found:
- Organizations reduced cost and time from penetration testing by switching to HackerOne Challenge
In all cases, the time taken to complete penetration testing and get the results significantly decreases — an average of 50% reduction — resulting in less internal effort. The total eliminated costs in a three-year period are $156,784. One interviewee said, “Every $1 we spend on HackerOne Challenges would have meant $5 in the past for other pen testing and auditors.”
- Greatly improved security, reducing the likelihood of a security incident
The quality of penetration testing performed by HackerOne is vastly improved compared to traditional solutions given the diverse range of skills and experiences found in the hacker community. This increases the speed in which findings and recommendations are submitted, allowing for any fixes to be made in a timely manner. Altogether, this reduces the risk of a breach. One customer explained, “We found 138 vulnerabilities in our first Challenge. They were found much faster and of higher complexity than what we had gotten from past providers.”
- Reduction of internal security and application development efforts
Customers avoid hiring additional security experts because of the robustness of testing and remediation information on vulnerabilities provided by HackerOne. They also see improved bug identification, and knowledge transfer reduces application development time.
- Increased customer satisfaction and retention
Having more robust audits makes existing customers more confident in their companies’ ability to securely provide the contracted services. It also prevents customers from leaving because of security flaws or delayed audit results.
From the information provided in the interviews, Forrester Consulting constructed a Total Economic Impact framework for those organizations considering utilizing HackerOne Challenge. The study looked at a one-time, bug-bounty engagement (repeatable as desired) in which ethical hackers test designated systems and applications for vulnerabilities. The study examined a composite company blended from the HackerOne customers interviewed — a US-based SaaS company with global operations that holds PII and cardholder information and completes two HackerOne Compliance Challenges per year; one test for the production environment that is required by its Qualified Security Assessor (QSA) and the other on the development environment — and compiled an associated ROI analysis that illustrates the areas financially affected. To access these details and learn more about HackerOne Challenge, download the full study here: https://www.hackerone.com/resources/forrester-total-economic-impact-study-hackerone
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, MINDEF Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,300 other organizations have partnered with HackerOne to find over 120,000 vulnerabilities and award over $52M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, and Singapore.
About HackerOne Challenge
HackerOne Challenge reduces your risk of security incidents through private, time-bound, security tests, all fully-managed by an expert security team:
- On-demand engagements of 15 to 180 days of active testing by the world’s largest, most diverse community of security talent.
- Includes defining a program scope, inviting and collaborating with hackers, submitting audit-friendly report analysis, and awarding bounties for validated reports.
- Includes optional access to HackerOne’s Clear network of background checked and ID-verified hackers, HackerOne VPN, and easy-to-use single-click hacker agreements.
- Includes optional capabilities for meeting the specific penetration testing requirements for compliance certifications, such as PCI DSS, SOC2 Type 2, and HITRUST.