Press release

HackerOne’s Penetration Testing Solution Can Deliver 115% Return on Investment Over Three Years According to New Total Economic Impact Study

Sponsored by Businesswire

HackerOne, the leading hacker-powered security platform, today announced
the results of a commissioned study conducted by Forrester Consulting
(Nasdaq: FORR) on behalf of HackerOne on its HackerOne Challenge
offering for security and compliance. Through extensive customer
interviews, the Forrester Total Economic Impact™ (TEI) Study reveals a
savings of more than $500,000 and 66 percent internal effort with
HackerOne Challenge over three years compared to traditional penetration
testing offerings. The study also indicates that moving to HackerOne
Challenge for security and compliance needs reduces the duration of
penetration testing, increases customer satisfaction and retention and
greatly improves application security, reducing the likelihood of a
security incident.

“Customers are speaking in one voice through this Forrester study,” said
Marten Mickos, CEO of HackerOne. “Hacker-powered pen tests give the best
bang for the buck, and the underlying time, security, development and
compliance benefits are even stronger. The power of a community of over
400,000 hackers is unsurpassed.”

Among other benefits, the Forrester Consulting TEI Study found:

  • Organizations reduced cost and time from penetration testing by
    switching to HackerOne Challenge

In all cases, the time taken to complete penetration testing and get the
results significantly decreases — an average of 50% reduction —
resulting in less internal effort. The total eliminated costs in a
three-year period are $156,784. One interviewee said, “Every $1 we spend
on HackerOne Challenges would have meant $5 in the past for other pen
testing and auditors.”

  • Greatly improved security, reducing the likelihood of a security

The quality of penetration testing performed by HackerOne is vastly
improved compared to traditional solutions given the diverse range of
skills and experiences found in the hacker community. This increases the
speed at which findings and recommendations are submitted, allowing for
any fixes to be made in a timely manner. Altogether, this reduces the
risk of a breach. One customer explained, “We found 138 vulnerabilities
in our first Challenge. They were found much faster and of higher
complexity than what we had gotten from past providers.”

  • Reduction of internal security and application development efforts

Customers avoid hiring additional security experts because of the
robustness of testing and remediation information on vulnerabilities
provided by HackerOne. They also see improved bug identification, and
knowledge transfer reduces application development time.

  • Increased customer satisfaction and retention

Having more robust audits makes existing customers more confident in
their companies’ ability to securely provide the contracted services. It
also prevents customers from leaving because of security flaws or
delayed audit results.

From the information provided in the interviews, Forrester Consulting
constructed a Total Economic Impact framework for those organizations
considering utilizing HackerOne Challenge. The study looked at a
one-time, bug-bounty engagement (repeatable as desired) in which ethical
hackers test designated systems and applications for vulnerabilities.
The study examined a composite company blended from the HackerOne
customers interviewed — a US-based SaaS company with global operations
that holds PII and cardholder information and completes two HackerOne
Compliance Challenges per year: one test for the production environment
that is required by its Qualified Security Assessor (QSA) and the other
on the development environment — and compiled an associated ROI analysis
that illustrates the areas financially affected. To access these details
and learn more about HackerOne Challenge, download the full study here:

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping
organizations find and fix critical
vulnerabilities before they can be exploited. More Fortune 500 and
Forbes Global 1000 companies trust HackerOne than any other
hacker-powered security alternative. The U.S. Department of Defense,
General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, MINDEF
Singapore, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the
CERT Coordination Center and over 1,300 other organizations have
partnered with HackerOne to find over 120,000 vulnerabilities and award
over $52M in bug bounties. HackerOne is headquartered in San Francisco with offices
in London, New York, the Netherlands, and Singapore.

About HackerOne Challenge

HackerOne Challenge reduces your risk of security incidents through
private, time-bound, security tests, all fully-managed by an expert
security team:

  • On-demand engagements of 15 to 180 days of active testing by the
    world’s largest, most diverse community of security talent.
  • Includes defining a program scope, inviting and collaborating with
    hackers, submitting audit-friendly report analysis, and awarding
    bounties for validated reports.
  • Includes optional access to HackerOne’s Clear network of background
    checked and ID-verified hackers, HackerOne VPN, and easy-to-use
    single-click hacker agreements.
  • Includes optional capabilities for meeting the specific penetration
    testing requirements for compliance certifications, such as PCI DSS,
    SOC2 Type 2, and HITRUST.