Marten Mickos’ Post

Reddit building out and strengthening their bug bounty program.

For the price of one, you get half a dozen on-going benefits with bug bounties; * Avoidance of breach * Compliance  * Strengthening of brand reputation * Learning what you missed in software development * For the board and C-suite, an external unbiased assessment of security posture * An extension of your security team, offloading tedious work, allowing the security team to focus on higher-order tasks

We've been strengthening the HackerOne leadership ranks over the past year. Proud of these leaders!

Attention companies in the energy sector, the U.S. Department of Energy just released Supply Chain Cybersecurity Principles for you.

HackerOne customer Databricks processes 9 EB of data per day. EB stands for exabyte which is 1 billion gigabytes.

Some customers use HackerOne to catch what they’ve missed. Others use HackerOne as an extension of their security team. We love both use cases. In the former, we must provide the best security hacking the world can offer. In the latter, we additionally handle a lot of the workflows.

Hai is making it easier for security teams to manage vulnerability reports and quicker to pass along to the asset owners for remediation.

Can AI help security teams? Most definitely. Here is how Hai helps customers today with incoming vulnerability submissions: * Summarizing vulnerability reports. * Immediate assistance with unclear reports, simplifying complex reports, making them more understandable for the team. * Determining report severity and providing reasoning for adjustments. One customer reported using Hai with over half of all vulnerability reports, improving accuracy and saving countless hours of tedious work.

How to Build an Effective Pentesting Strategy 1) Identify your most vulnerable assets. 2) Don’t just pentest occasionally.  3) Let your customers know. Full article by Dan Mateer in Security Boulevard.