peterzayda - stock.adobe.com

Tech brands sign on to HackerOne responsible security drive

Tech companies sign HackerOne’s new corporate security responsibility pledge to bring cyber out of the shadows and promote effective, secure development practices

Technology brands including GitLab, Starling Bank, TikTok and Wix have signed on to support a new corporate security responsibility pledge drive initiated by penetration testing and bug bounty specialist HackerOne.

The aim of the pledge is to encourage an industry-wide call to action for more transparency and a positive culture around cyber security best practice, as well as ultimately to build a safer internet for all. It focuses on four key areas:

  • Encouraging transparency to share cyber intelligence and build trust.
  • Fostering a culture of collaboration that makes the tools needed to reduce risk in the hands of everybody.
  • Promoting innovation by inspiring developers to work with security in mind.
  • Holding pledges and their suppliers accountable to following best practice to develop security as a point of differentiation.

Starling Bank’s head of cyber security, Mark Rampton, said: “At Starling, we assume that everything has the potential to be vulnerable, and believe that hyper-vigilance is the best way to stay ahead of threats.

“Security isn’t something we can do in isolation. We work with every member of our staff – and the wider security community, including HackerOne – to ensure we continually fulfil our mission of keeping customer funds and data protected.”

TikTok’s global chief security officer, Roland Cloutier, added: “Transparency is core to TikTok’s business and brand. We deliver transparency on everything from content moderation to our bug bounty programme, so our users are free to innovate and fulfil our mission of inspiring creativity, and bringing joy.

“We know the best way to keep our global TikTok community safe and secure is by inviting the disclosure of potential vulnerabilities, so we can quickly eliminate them.”

HackerOne’s pledge drive comes off the back of a new research report, The corporate security trap: shifting security culture from secrecy to transparency, which found that 64% of organisations maintain a culture of “security through obscurity” and 38% are opaque about how they “do” security.

A majority of security professionals also tended to feel they struggled to build a positive security culture within their organisation, while 65% of security pros said they have internalised the message from on high that their work slows down and blocks innovation.

Read more about ethical hacking

Also, 67% of organisations would prefer to accept software vulnerabilities rather than let an ethical hacker poke around in their code, said HackerOne.

GitLab security VP Johnathan Hunt said practising transparency by default was crucial to the success of the firm’s flagship DevOps platform.

“It makes our software more secure and allows us to better collaborate and innovate,” he said. “HackerOne’s corporate security manifesto therefore particularly resonates with our values, and we are pleased to be one of the first partners to publicly declare our commitment to these values.

“We encourage other organisations to experience the benefits of adhering to the commitments of CSecR and look forward to being a part of a more secure and productive software ecosystem.”

Marten Mickos, CEO of HackerOne, said: “Security could be the difference between winning business and losing it.

“GitLab, TikTok, Wix and Starling Bank recognise transparency and collaboration in cyber security as a competitive differentiator with their pledge to corporate security responsibility.

“The growing partner network will provide access to support and advice from industry experts focused on strengthening global cyber security. By committing to the pledge, organisations are building transparency into their foundation and culture.”

Read more on Hackers and cybercrime prevention