HackerOne, Tray.io Team Up on Integrations To Uncover Vulnerabilities Quickly
HackerOne is working with Tray.io’s automation platform to speed up and simplify integration deliveries. HackerOne’s platform unifies vulnerability and security services to detect and deal with threat vulnerabilities more effectively.
HackerOne is working with the Tray.io general low-code automation platform to speed up and simplify integration deliveries. The result will be speedier and friction-free integrations from HackerOne, allowing customers to detect and deal with threat vulnerabilities more effectively.
One of the crucial elements of HackerOne’s approach is to integrate vulnerability remediation directly into existing workflows, which avoids complexity, extra steps and delays.
“We initially evaluated a handful of integration tools, but quickly realized that they wouldn’t remove complexity for our customers,” said Martijn Russchen, senior product manager at HackerOne.
“We didn’t want to leave our customers with the responsibility of manually standing up their own integrations, nor did we want to settle for limited connectors that couldn’t execute more robust operations. We needed a solution with a pre-built interface that could seamlessly embed in our existing integration marketplace,” he added.
HackerOne partners with the global hacker community to surface relevant security issues before being exploited by criminals. The HackerOne platform brings together technologies for vulnerability management, cloud security, compliance assessment and app security.
The platform allows IT and development teams to pinpoint, track, and remediate software vulnerabilities as they are reported. This makes remediation a natural part of development workflows and SDLC (software development lifecycles).
The benefits to this approach let stakeholders:
- Get notified when vulnerabilities are submitted—no waiting for a final report.
- Receive reports via the HackerOne platform, and communicate with testers to discuss reproducible steps.
- Collaborate directly with testers throughout the engagement.
HackerOne, Tray Partner to Quadruple Integration Delivery Speeds
HackerOne is using Tray Embedded to quadruple integration delivery speeds, reduce maintenance and maximize developer efficiencies. This means HackerOne customers can spend less time context-switching between tools and more time prioritizing and addressing vulnerabilities, according to Martijn Russchen, HackerOne senior product manager.
With Tray.io, HackerOne can deliver integrations rapidly and at scale, developing and deploying new customer integrations in as little as two to three weeks, compared to two to three months, Russchen said.
“HackerOne uniquely understands the incredible value of integrating its platform with the rest of its customers’ software development lifecycles,” said Rich Waldron, CEO and co-founder of Tray.io. “However, customer integrations are extremely challenging, often requiring significant time and developer resources to complete.
“With Tray Embedded, HackerOne has been able to create high-quality customer integrations in a quarter of the time it used to take – giving developers more time to work on improving cybersecurity efforts and deploying new features,” Waldron added.
“Our engineers were especially thrilled that they wouldn’t need to waste countless hours maintaining and debugging integrations after they built them,” This helps cut time spent retrofitting integrations as other software tools update their APIs, allowing the HackerOne team to increase the number of integrations available, he added.
A Tray.io use case profile describes working with HackerOne on delivering these mission-critical integrations.
Early on, the team at HackerOne knew that integrations would be key to ensure their customers could quickly and reliably respond to security threats. Armed with seamless integrations, HackerOne customers could spend less time context-switching between tools and more time prioritizing and addressing vulnerabilities.
“Our team made key investments in our integration ecosystem to increase our customers’ efficiency, collaboration, and scalability,” says Russchen. “But every customer’s tech stack is different. With the ever-expanding number of SaaS applications, we wanted to ensure we could deliver powerful and easy-to-use integrations at scale.”
“It takes time to build out high-quality customer integrations. One of our engineering teams would easily spend two to three months building an integration from scratch. And that doesn’t include the resources we’d need to maintain each integration over time. At the same time, our developers are hyper-focused on shipping new features and functionality for our core product. Our customers were asking for more integrations, while our product team just didn’t have the bandwidth to keep pace with demand.”
Russchen highlighted the process HackerOne followed in selecting an integration tool and choosing Tray Embedded.
“We initially evaluated a handful of integration tools but quickly realized that they wouldn’t remove complexity for our customers. We didn’t want to leave our customers with the responsibility of manually standing up their own integrations, nor did we want to settle for limited connectors that couldn’t execute more robust operations. We needed a solution with a pre-built interface that could seamlessly embed in our existing integration marketplace.”
Using Tray Embedded, the benefits were notable across several areas, he noted.
Thanks to the success of the Tray.io-HackerOne cooperation to date, HackerOne plans even deeper partnership work.
“In the near future, we endeavor to move our existing, internally-built integrations to Tray Embedded [and] establish Tray Embedded as our central hub for deploying powerful new integrations with speed.” Russchen said. The goal is to use these integrations to improve “vulnerability management workflows” and “reduce risk for customer organizations.”
A recent blog post highlights just how critical integrations are to a rich set of HackerOne protections.
HackerOne pairs vulnerability scanning with advanced triage to help minimize the attack window and meet internal SLA requirements. Enterprise networks may see hundreds of potential vulnerabilities during a scan, making it difficult to know where to start. HackerOne triage teams work on incoming vulnerability reports to remove false positives, duplicate alerts, and streamline remediation.
Our continuous testing platform helps organizations mitigate security risks by allowing systematic testing at every level of the Software Development Life Cycle (SDLC). Hacker-powered security helps security teams increase visibility, manage costs, and address evolving threats with consolidated, scalable security solutions.