Latest news with #JohnAddeo


Techday NZ
18-07-2025
Cycode & HackerOne integrate to speed software vulnerability fixes
Cycode and HackerOne have announced a partnership aimed at streamlining the remediation process of vulnerabilities found through bug bounty programmes by leveraging Application Security Posture Management (ASPM).

Bug bounty programmes have become essential to application security strategies, enabling organisations to uncover and validate security vulnerabilities by engaging a community of ethical hackers. HackerOne has developed its reputation for discovering and validating these issues at scale, while Cycode provides ASPM capabilities designed to support security and development teams through vulnerability management.

The partnership will see findings from HackerOne integrated directly into Cycode's platform. This integration is intended to enable rapid assignment, triage, and remediation of validated vulnerabilities, providing security and development teams with additional context to address issues effectively.

"Security threats are evolving fast, and fixing vulnerabilities quickly is more important than ever. Our integration with Cycode gives customers and partners the real-world context and automation they need to move faster. By combining HackerOne's exploit data with Cycode's ASPM capabilities, teams can prioritize the right risks and resolve them earlier in development, so they can ship safer software, faster." – John Addeo, VP Global Partner Ecosystem at HackerOne

According to the companies, vulnerabilities identified through bug bounty reports often represent the most urgent and actionable risks, given that they are verified by independent security researchers and demonstrate exploitability in live environments. However, data from these bug bounty reports frequently resides outside the tools developers use day-to-day, leading to delays and inefficiencies in addressing them.

Through the new integration, HackerOne's findings will be ingested into Cycode's Risk Intelligence Graph (RIG), described as a unified knowledge base of security issues across the software development lifecycle. Each bug bounty report incorporated into RIG will be enhanced with details such as repository mapping - which identifies the precise source code repository where a vulnerability originated - developer ownership to identify responsible parties, and deployment context relating to the specific services or infrastructure affected.

Cycode believes that providing this level of detail gives security teams a clear path from discovery to remediation, while also offering developers actionable context to address issues without unnecessary delay or manual triage.

"Vulnerabilities from HackerOne represent some of the most urgent and actionable risks organizations face. By bringing those findings into the Cycode platform, we're giving teams critical context, ownership mapping, and developer engagement they need to fix issues faster and with greater confidence. This partnership is about helping our customers build more secure software at scale without slowing down velocity." – Prasad Raman, VP Partnerships at Cycode

The collaboration is also expected to accelerate remediation times for shared customers by linking each HackerOne report directly to the relevant code owner. This connection enables teams to meet service-level agreements and reduce mean time to resolution, which is especially important for high-severity vulnerabilities.

Another advantage cited by the companies is the ability to leverage HackerOne's real-world exploit data to improve risk scoring and prioritisation. According to Cycode, this ensures that limited security resources are focused on issues with the highest potential impact.

The integration is designed to work within the toolchains already used by developers - including platforms like Jira, GitHub, GitLab, and Slack - so that findings arrive complete with actionable information and do not require further clarification from application security teams.

Both Cycode and HackerOne state that the partnership is more than just a technical integration, positioning it as a means to strengthen application security workflows overall. HackerOne aims to turn validated bugs into resolved issues, which it sees as a way to bolster customer satisfaction. Cycode, meanwhile, benefits from extended detection capabilities and the ability to contextualise issues based on exploitability in production.

The two companies emphasise that customers stand to benefit from greater efficiency, stronger collaboration, and a more connected approach to securing software throughout development and deployment lifecycles.


Techday NZ
18-06-2025
HackerOne launches PartnerOne alliance for AI-driven security
HackerOne has announced the launch of its PartnerOne Technology Alliance Program, aiming to enable tighter integration between its AI-powered security platform and other technology providers.

The new programme allows technology partners to develop direct integrations with HackerOne's platform. This aims to help customers improve their response to vulnerabilities by creating security workflows that connect seamlessly with existing business operations and development practices.

Technology partners will have access to sandbox environments, API documentation, co-branded content, and joint go-to-market support. Through this approach, the company wants to foster collaboration in the cybersecurity sector, enabling end users to respond to vulnerabilities more quickly and effectively by using AI to scale and support human expertise.

Partnership focus

John Addeo, Vice President of Partner Ecosystems at HackerOne, described the initiative as a collaborative effort designed to support both customers and partners:

"At HackerOne, we believe the strength of our ecosystem is measured by the collective impact we make for our customers and partners. This program goes beyond integration—it's about collaboration. By joining forces with leading technology providers, we're building a connected ecosystem that simplifies and scales workflows using AI, expands market reach, and delivers stronger security outcomes."

The PartnerOne Technology Alliance Program will offer partners technical enablement and collaborative marketing opportunities, designed to streamline engagement and broaden the reach of integrated security solutions. By bringing together different tools within one framework, customers can expect more efficient identification, management, and remediation of security vulnerabilities.

Industry participation

A notable example of the alliance in action is the integration with Secure Code Warrior. This collaboration aims to help organisations leverage HackerOne's data-driven insight on vulnerabilities and translate them into secure development actions within developer workflows.

Matias Madou, Co-Founder and Chief Technology Officer of Secure Code Warrior, commented on the significance of the partnership:

"The cybersecurity industry thrives when we pair true innovation with strategic collaboration, and our integration with HackerOne is a prime example of complementary technologies forging a powerful path forward. This partnership allows our joint customers to transform HackerOne's immense vulnerability insights into targeted, actionable learning modules and AI-powered recommendations directly within developer workflows. It's about empowering developers to learn from real-world findings and proactively build secure software from the start, driving a more resilient and secure development lifecycle for the industry as a whole."

Secure Code Warrior's integration leverages the real-time vulnerability data from the platform to enrich the learning and remediation processes for developers, facilitating targeted skills development and application security improvement at the source.

Automation and intelligent workflows

The PartnerOne Technology Alliance Program includes support for external connectors and automation features. These enable customers to design custom security workflows by integrating the HackerOne Platform with their broader security infrastructure. The platform employs Hai, HackerOne's AI security agent, to optimise and automate key processes, such as routing alerts and coordinating response teams based on the severity and context of reported vulnerabilities.

Neil Schloth, Vice President and Global Head of Application Security at Fiserv, commented on the benefit for application security teams:

"Combining HackerOne's expertise in vulnerability discovery with Secure Code Warrior's focus on code security training solutions equips developers with real-world fixes for novel security vulnerabilities."

The automations are intended to turn real-time exploit intelligence into planned and coordinated actions, spanning the security and development toolchain to enable more efficient handling of incidents as they arise.

AI and security strategy

Nidhi Aggarwal, Chief Product Officer at HackerOne, outlined how the new alliances reflect a broader strategy to use AI in service of cybersecurity operations:

"Security in the AI era demands both speed and precision. At HackerOne, we're building a platform that uses AI to supercharge human ingenuity, accelerating how we detect, triage, and respond to vulnerabilities at scale. The Technology Alliance Program is an extension of this vision, connecting our AI-driven insights with partner innovation to deliver integrated, resilient, and adaptive security workflows that evolve with today's threat landscape."

The PartnerOne Technology Alliance Program is designed to support the development of an adaptive, integrated security ecosystem that responds to rapid changes and challenges presented by modern threats. The programme invites technology providers to join and build on the existing platform's capabilities to create new, scalable security solutions.