Cybersecurity is stretched thin. We all know it, so why state it again?
Because cybersecurity is thinner today than yesterday. Because many keep repeating the same measures that don’t work. And because there actually is a solution.
Facts are undeniable:
- More cybercriminals today than yesterday, with more powerful tools than yesterday
- More software today than yesterday - in every organization
- Faster software deployment cycles than before, introducing software and new vulnerabilities faster
- An increased dependency on third-party software - elevating software supply chain risks
- As Zero Trust reminds us, no protective boundaries any longer
- Budget sufficiency but staff shortage in every security team
There is a solution. We can make software more secure. We can bring down cyber risk. This will improve employment safety for CISOs, CIOs and CEOs. Budgets don’t have to be doubled. In fact, within existing budgets we are already closing the gap.
No way! That’s what many will think. We need more budget! We are unable to hire more security experts! And if we add more software to automate security, we also add more work to ourselves and more digital attack surfaces that may be vulnerable.
Yet there is a solution - one that scales with the magnitude of the problem without adding to it.
The solution has been practiced at the Pentagon for the past 6 years with astonishing results. Over 20,000 software weaknesses have been fixed. Weaknesses that rogue states, cybercriminals, and other adversaries would have otherwise used to penetrate the Department of Defense. Singapore and the UK have followed. Inspired by this stellar success, the Cybersecurity and Infrastructure Security Agency (CISA) has mandated every civilian federal agency to run such a program. The private sector should too.
Since the founding of HackerOne, we have been building a solution that can scale to match the ever-growing challenges of cybersecurity, bringing relief to any organization that develops and deploys software.
We started with bug bounty programs. We expanded the category to cover all forms of hacker-powered security, delivering unparalleled value to all the leading tech companies and many enterprises, achieving astonishing business growth. From there, we are expanding the category again. Our hacker community may be the only thing in the world whose capabilities are growing faster than cybercrime.
Only an unbiased external expert - a hacker - can find the unpredictable situations - the unknown unknowns. Those are the weaknesses that get scored as critical vulnerabilities that must be remediated without any delay.
Ethical hackers represent a level of curiosity and ingenuity that no software tool can match. By enlisting the world’s largest and most powerful army of ethical hackers, there is no cybersecurity challenge we cannot rise to.
This is why we have been invited to help leading brands such as AT&T, GM, Goldman Sachs, Hyatt, Nintendo, PayPal, Starbucks and so many others. There is no other way to find the most elusive software vulnerabilities. You need to enlist the world’s most creative hackers and security researchers.
This week, we are proud to announce a new funding round led by GP Bullhound, the European advisory and investment firm that has become one of the world’s most successful experts on how to scale a tech business. With their investment, we will accelerate the rate at which we make organizations secure.
Our new investor knows HackerOne is the clear market leader. They saw the stepping up to a new category and level of performance that HackerOne has undergone during the past 18 months. We have broadened our hacker-powered services to make productive use of the full range of skills that security researchers and ethical hackers possess. Pentests and retests are good examples. We are building out our software platform to help organizations manage the risks associated with their digital attack surfaces. We are investing in vulnerability intelligence in order to provide strategic advice to our most demanding customers. We have built out our customer and hacker success functions to make life easier and more productive for those we serve.
Going forward, we will keep raising the bar for ourselves in order to provide our hackers even more opportunity to be useful. Customers will be able to get more done through HackerOne with little overhead.
With the new funding, we will play a still stronger game, serving the world with a cybersecurity offering that scales to the full extent of the problem. Given we have been operating at cash flow neutral level for some time, we have a balance sheet and an economic model of unparalleled strength. Call us old-fashioned, but we very much care about capital efficiency.
Today we serve the world’s most discerning customers in use cases such as digital transformation, enterprise assessments, and directed testing. We operate vulnerability disclosure and bug bounty programs for the leading tech companies of the world. We perform pentests and challenges for anyone who needs to know the state of security of their software.
Every week, we deliver thousands of triaged and prioritized vulnerability reports to our customers. Vulnerabilities may sound like bad news, but this is the sort of bad news that becomes good news. For every vulnerability we find, a potential data breach is averted. The return on that investment is enormous. And the model scales.
For customers wishing to reduce the risk of cyberattack, there is no solution as powerful as the one HackerOne offers. We live in uncertain times, but HackerOne is not uncertain about its vital role in bringing down the risk of cyber attack for anyone whose business is digital.
Marten Mickos
CEO, HackerOne
