LONDON, UK, 10 March 2022: HackerOne, the world’s most trusted provider of ethical hacking solutions, has today launched its Corporate Security Responsibility Pledge. The aim is to build a safer internet for all by issuing an industry-wide call to action for more transparency and a positive culture around cyber security best practices. Several large international companies, including PayPal, TikTok, Wix, Starling Bank and GitLab, have already signed up to support the pledge and are partnering with HackerOne.
HackerOne’s latest research report, entitled The Corporate Security Trap: Shifting Security Culture From Secrecy To Transparency, has shown that 64% of organisations maintain a culture of security through obscurity and 38% aren’t open about their cybersecurity practices. In addition, 65% of security professionals admitted they hear the message within their organisation that security will only slow down innovation. HackerOne has launched its manifesto to address this, appealing to organisations worldwide to improve best practices and move from secrecy to transparency.
The manifesto is focused on four key areas calling for all organisations to:
1) Encourage industry-wide transparency to build trust and share intelligence
2) Foster a culture of industry-wide collaboration that gives everyone the tools to take control of reducing cyber risk
3) Promote innovation by inspiring development teams to build with security in mind and bring secure products to market faster
4) Hold ourselves and our suppliers accountable for following best practices, developing security as an easy point of differentiation
HackerOne’s research has shown that businesses are looking to step up security in the face of growing cyber-attacks, with 63% of security professionals saying that cyber security best practices are just as important as cost when choosing a supplier. In addition, 62% of security professionals admitted they would take their business elsewhere if a supplier suffered a data breach.
Organisations are increasingly scrutinising the practices of their suppliers and prioritising security; however, there is a disconnect when it comes to their own culture and the security challenges they face in-house. Despite the focus on security, over half (57%) of security professionals say they struggle to create a culture of security within their business, and 53% confirmed they have lost customers as a result of a security breach.
In addition, there are limitations when it comes to modernising and embracing new security practices, with 67% of organisations confirming they would rather accept software vulnerabilities than work with hackers.
“Security could be the difference between winning business and losing it,” said Marten Mickos, CEO of HackerOne. “GitLab, TikTok, Wix, SCYTHE, and Starling Bank recognize transparency and collaboration in cybersecurity as a competitive differentiator with their pledge to Corporate Security Responsibility. The growing partner network will provide access to support and advice from industry experts focused on strengthening global cybersecurity. By committing to the pledge, organizations are building transparency into their foundation and culture.”
Johnathan Hunt, VP of Security at GitLab, explains why GitLab committed to the Manifesto. “GitLab practices transparency by default. It makes our software more secure and allows us to better collaborate and innovate. HackerOne’s Corporate Security Manifesto therefore particularly resonates with our values, and we’re pleased to be one of the first partners to publicly declare our commitment to these values. We encourage other organizations to experience the benefits of adhering to the commitments of CSecR and look forward to being a part of a more secure and productive software ecosystem.”
“Wix customers want to gain and maintain their users’ trust, so our top priority is to support them in demonstrating security best practices,” said Zohar Shachar, Head of Application Security at Wix. “It’s a differentiator for us to actively show how we’re constantly improving and strengthening our systems by engaging with the ethical hacking community. Our continuous security testing across our attack surfaces is just one of the tools we use to make our customers feel safe.”
Roland Cloutier, Global Chief Security Officer at TikTok, said: “Transparency is core to TikTok’s business and brand. We deliver transparency on everything from content moderation to our bug bounty program so our users are free to innovate and fulfill our mission of inspiring creativity and bringing joy. We know the best way to keep our global TikTok community safe and secure is by inviting the disclosure of potential vulnerabilities, so we can quickly eliminate them.”
“At Starling, we assume that everything has the potential to be vulnerable and believe that hypervigilance is the best way to stay ahead of threats,” said Mark Rampton, Head of Cybersecurity at Starling Bank. “Security isn’t something we can do in isolation; we work with every member of our staff – and the wider security community, including HackerOne – to ensure we continually fulfil our mission of keeping customer funds and data protected.”
To become a partner of Corporate Security Responsibility, please contact press@hackerone.com.