HackerOne acquires code security tester, review service PullRequest

HackerOne says that clients will be able to more easily integrate code security reviews during workflows.
Written by Charlie Osborne, Contributing Writer

HackerOne has acquired PullRequest, a code-review-as-a-service platform. 

The deal was announced on Thursday. No financial details have been disclosed.

HackerOne is known for its bug bounty platform, a system for security researchers to privately disclose vulnerabilities in services and software to vendors in return for credit and financial rewards. 

However, the organization has also branched out into vulnerability management, cloud environment protection, and application security services. 

Customers include General Motors, GitHub, Google, Microsoft, and PayPal. 

Founded in 2017, PullRequest provides on-demand code reviews by engineers to thousands of organizations. By having more eyes on code before it goes too far down the production line, it is possible to catch vulnerabilities and errors early -- and before threat actors could potentially exploit them. 

Different languages and frameworks, including Go, Python, PHP, and JavaScript, are supported across web, mobile, and other platforms. 

The company previously raised $12.7 million in funding. 

According to HackerOne, the acquisition of PullRequest "builds upon HackerOne's focus on reducing [its] customers' attack resistance gap – the space between what organizations can defend and what they need to defend."

This "will ultimately help customers release trustworthy software faster by embedding expert security reviewers within their software development lifecycle," the company added. 

HackerOne CTO Alex Rice says that there is a shift occurring from reactive security -- finding and patching bugs after code has been published -- to a "developer-first" model that will attempt to eradicate vulnerabilities far sooner in software development cycles. 

Rice commented:

"Over 70% of organizations claim to integrate aspects of security earlier in development to minimize their attack resistance gap, yet less than 25% of security issues are found during development.

Clearly, something more is needed. We're bringing feedback from security experts to the developer workflow so they can quickly fix bugs and get back to building."

See also

Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0

Editorial standards