Like many companies in Silicon Valley, we at HackerOne believe in using what we build. (This is sometimes referred to as eating your own dog food.) It helps us better understand our users’ concerns because we can see them firsthand.
We’ve depended on our bug bounty program to keep our product safe and secure from the start. Since day one, we’ve resolved over 200 reports and paid out over $140,000 in bounties. As a company full of former (and current) hackers and security experts, we aim to have one of the strongest bug bounty programs in the world.
But even at a relatively small company like HackerOne, it can be difficult to keep infosec and development teams in sync all the time. Integrating an infosec platform like HackerOne with software dev tools makes it easier to bridge this gap.
As such, we recently launched a new JIRA integration, and today we’re continuing this effort with the introduction of our new Phabricator integration. We’re a Phabricator shop here at HackerOne, and we built this integration to address some of the historical pain points we saw in our organization.
We’ve been using the Phabricator integration here at HackerOne the past few weeks, and here’s the value we’re seeing so far:
Bring infosec and dev a little closer
With the Phabricator integration, we’ve simplified our triage and repair process by enabling a seamless handoff to the dev team. How?
It’s now possible to view updates on Phabricator tasks within a HackerOne report. This two-way integration means that whenever a Phabricator task’s state changes or a comment is added, an internal comment is posted on the appropriate HackerOne report (and vice versa from HackerOne → Phabricator). Admins also have control to customize the information they want to sync from HackerOne to Phabricator and Phabricator to HackerOne.
The result is no switching back and forth between HackerOne and Phabricator!
Phabricator Task
HackerOne Report
Create Phabricator tasks with one click
We can also easily create Phabricator tasks with just one click straight from a HackerOne report. The process runs in the background, and the ticket is automatically referenced in the HackerOne report.
Getting started
To enable the new Phabricator integration, sign into your HackerOne account and go to your integration settings (Settings -> Program -> Integrations).
Interested in trying it out? Please let us know if you have questions or if you would like help getting started.
The HackerOne Phabricator integration is brought to you by Willian, Maarten, Alexander, Jens, and the HackerOne team.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty solutions encompass vulnerability assessment, crowdsourced security testing and responsible disclosure management. Discover more about our hacker powered security testing solutions or Contact Us today.