Cycode & HackerOne integrate to speed software vulnerability fixes
Cycode and HackerOne have announced a partnership aimed at streamlining the remediation of vulnerabilities found through bug bounty programmes by leveraging Application Security Posture Management (ASPM).
Bug bounty programmes have become essential to application security strategies, enabling organisations to uncover and validate security vulnerabilities by engaging a community of ethical hackers. HackerOne has developed its reputation for discovering and validating these issues at scale, while Cycode provides ASPM capabilities designed to support security and development teams through vulnerability management.
The partnership will see findings from HackerOne integrated directly into Cycode's platform. This integration is intended to enable rapid assignment, triage, and remediation of validated vulnerabilities, providing security and development teams with additional context to address issues effectively.
"Security threats are evolving fast, and fixing vulnerabilities quickly is more important than ever. Our integration with Cycode gives customers and partners the real-world context and automation they need to move faster. By combining HackerOne's exploit data with Cycode's ASPM capabilities, teams can prioritize the right risks and resolve them earlier in development, so they can ship safer software, faster." – John Addeo, VP Global Partner Ecosystem at HackerOne
According to the companies, vulnerabilities identified through bug bounty reports often represent the most urgent and actionable risks, given that they are verified by independent security researchers and demonstrate exploitability in live environments. However, data from these bug bounty reports frequently resides outside the tools developers use day-to-day, leading to delays and inefficiencies in addressing them.
Through the new integration, HackerOne's findings will be ingested into Cycode's Risk Intelligence Graph (RIG), described as a unified knowledge base of security issues across the software development lifecycle. Each bug bounty report incorporated into RIG will be enhanced with details such as repository mapping - which identifies the precise source code repository where a vulnerability originated - developer ownership to identify responsible parties, and deployment context relating to the specific services or infrastructure affected.
Cycode believes that providing this level of detail gives security teams a clear path from discovery to remediation, while also offering developers actionable context to address issues without unnecessary delay or manual triage.
"Vulnerabilities from HackerOne represent some of the most urgent and actionable risks organizations face. By bringing those findings into the Cycode platform, we're giving teams critical context, ownership mapping, and developer engagement they need to fix issues faster and with greater confidence. This partnership is about helping our customers build more secure software at scale without slowing down velocity." – Prasad Raman, VP Partnerships at Cycode
The collaboration is also expected to accelerate remediation times for shared customers by linking each HackerOne report directly to the relevant code owner. This connection enables teams to meet service-level agreements and reduce mean time to resolution, which is especially important for high-severity vulnerabilities.
Another advantage cited by the companies is the ability to leverage HackerOne's real-world exploit data to improve risk scoring and prioritisation. According to Cycode, this ensures that limited security resources are focused on issues with the highest potential impact.
The integration is designed to work within the toolchains already used by developers - including platforms like Jira, GitHub, GitLab, and Slack - so that findings arrive complete with actionable information and do not require further clarification from application security teams.
Both Cycode and HackerOne state that the partnership is more than just a technical integration, positioning it as a means to strengthen application security workflows overall. HackerOne aims to turn validated bugs into resolved issues, which it sees as a way to bolster customer satisfaction. Cycode, meanwhile, benefits from extended detection capabilities and the ability to contextualise issues based on exploitability in production.
The two companies emphasise that customers stand to benefit from greater efficiency, stronger collaboration, and a more connected approach to securing software throughout development and deployment lifecycles.