/>
X
Innovation

HackerOne acquires code security tester, review service PullRequest

HackerOne says that clients will be able to more easily integrate code security reviews during workflows.
charlie-osborne
Written by Charlie Osborne, Contributing Writer on

HackerOne has acquired PullRequest, a code-review-as-a-service platform. 

The deal was announced on Thursday. No financial details have been disclosed.

HackerOne is known for its bug bounty platform, a system for security researchers to privately disclose vulnerabilities in services and software to vendors in return for credit and financial rewards. 

However, the organization has also branched out into vulnerability management, cloud environment protection, and application security services. 

Customers include General Motors, GitHub, Google, Microsoft, and PayPal. 

Founded in 2017, PullRequest provides on-demand code reviews by engineers to thousands of organizations. By having more eyes on code before it goes too far down the production line, it is possible to catch vulnerabilities and errors early -- and before threat actors could potentially exploit them. 

Different languages and frameworks, including Go, Python, PHP, and JavaScript, are supported across web, mobile, and other platforms. 

The company previously raised $12.7 million in funding. 

According to HackerOne, the acquisition of PullRequest "builds upon HackerOne's focus on reducing [its] customers' attack resistance gap – the space between what organizations can defend and what they need to defend."

This "will ultimately help customers release trustworthy software faster by embedding expert security reviewers within their software development lifecycle," the company added. 

HackerOne CTO Alex Rice says that there is a shift occurring from reactive security -- finding and patching bugs after code has been published -- to a "developer-first" model that will attempt to eradicate vulnerabilities far sooner in software development cycles. 

Rice commented:

"Over 70% of organizations claim to integrate aspects of security earlier in development to minimize their attack resistance gap, yet less than 25% of security issues are found during development.

Clearly, something more is needed. We're bringing feedback from security experts to the developer workflow so they can quickly fix bugs and get back to building."

See also


Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0


Editorial standards

Related

Meta warns its new chatbot may forget that it's a bot
toy-robot

Meta warns its new chatbot may forget that it's a bot

Parallels Remote Application Server 19, hands on: Flexibility, security and usability are all improved
Parallels RAS

Parallels Remote Application Server 19, hands on: Flexibility, security and usability are all improved

How to take a full-page screenshot in Google Chrome: Four different ways
google-chrome.png

How to take a full-page screenshot in Google Chrome: Four different ways