Organizations Call For Security Transparency To Be Industry Best Practice
GitLab Inc., TikTok, Wix, SCYTHE, and Starling Bank join HackerOne in pledging to Corporate Security Responsibility
SAN FRANCISCO, March 10, 2022: HackerOne, the world’s most trusted provider of ethical hacking solutions, today launches its Corporate Security Responsibility (CSecR) pledge, which calls on organizations to commit to cybersecurity best practices to build a safer internet for all. GitLab Inc., TikTok, Wix, SCYTHE, and Starling Bank have already signed up to support and partner with HackerOne to promote the pledge’s four core principles of transparency, collaboration, innovation, and differentiation. HackerOne created the CSecR Pledge based on its recent report, The Corporate Security Trap: Shifting Security Culture From Secrecy To Transparency, which surveyed 800 security leaders and identified security as a competitive differentiator in enterprise organizations.
The report asked security leaders how their organizations view transparency and security, and found a gap between their organization's own openness and what they expect of suppliers. Key findings from the report include:
- 65% of organizations want to be seen as infallible
- 64% maintain a culture of security through obscurity and 38% aren’t open about their cybersecurity practices
- 63% of organizations say that cybersecurity best practices are as important as cost when choosing a supplier
- 53% of organizations say they have lost customers as a result of a security breach
- 65% of security professionals hear the message that security slows innovation
- 67% of organizations would rather accept software vulnerabilities than work with hackers
“Security could be the difference between winning business and losing it,” said Marten Mickos, CEO of HackerOne. “GitLab, TikTok, Wix, SCYTHE, and Starling Bank recognize transparency and collaboration in cybersecurity as a competitive differentiator with their pledge to Corporate Security Responsibility. The growing partner network will provide access to support and advice from industry experts focused on strengthening global cybersecurity. By committing to the pledge, organizations are building transparency into their foundation and culture.”
The Corporate Security Trap report puts the data into context and provides recommendations for how companies can take action to back up their commitment. PayPal, TikTok, and GitLab have contributed to the report and committed to the pledge. HackerOne invites other partners, customers, and related organizations to contribute to the evolution of the concept to improve security throughout the software supply chain.
Johnathan Hunt, VP of Security at GitLab, explains why GitLab committed to the pledge. “GitLab practices transparency by default. It makes our software more secure and allows us to better collaborate and innovate. HackerOne’s Corporate Security pledge, therefore, particularly resonates with our values, and we’re pleased to be one of the first partners to publicly declare our commitment to these values. We encourage other organizations to experience the benefits of adhering to the commitments of CSecR and look forward to being a part of a more secure and productive software ecosystem.”
“Transparency is core to TikTok’s business and brand, and we aim to deliver transparency on everything from content moderation to our bug bounty program to create a safe and welcoming platform for creators to innovate, express themselves creatively, and entertain our global community,” said TikTok Global Chief Security Officer Roland Cloutier. “We know that the best way to stay ahead of the evolving threat landscape is to collaborate with industry-leading experts, researchers, and academics, inviting them to disclose potential vulnerabilities so we can quickly eliminate them.”
Read the full report here.
To become a partner of Corporate Security Responsibility, please contact press@hackerone.com.
ABOUT HACKERONE
HackerOne empowers the world to build a safer internet by giving organizations access to the largest, global community of highly skilled ethical hackers. Armed with an extensive database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and safely reporting real-world security weaknesses for organizations across industries and attack surfaces. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo. HackerOne was ranked fifth on the Fast Company World’s Most Innovative Companies list for 2020.