PullRequest, a five-year-old firm that graduated from Y Combinator in 2017, provides an external code review team to software engineers. This not only aids in the detection of errors in code that may have been overlooked, but it also aids in the detection of security flaws before the program is released into the wild. Maybe that’s why a bug bounty firm, HackerOne, bought PullRequest today. If you look at what HackerOne has done in the past, it has hired security experts to locate defects in systems that might have a significant impact if left undiscovered. PullRequest enhances this capacity by providing access to a team of certified code reviewers who can spot an issue even before it reaches production.
When it comes to security, HackerOne CTO Alex Rice sees a movement toward developers, and purchasing PullRequest offers him and his client’s direct access to the development phase. “A trend we’ve noticed across many of our clients is a significant movement toward developers assuming considerably more responsibility for security than in the past, which is a trend I’m very happy about.” Rice told me, “I firmly think that developer-first security techniques are the future of producing reliable technology.”
He claims that the great majority of the problems HackerOne has discovered have occurred after the program has already been released, and that while engineers desire to produce better secure software, finding the bodies to do so isn’t always simple. PulRequest might be useful in this situation. “We have this intention for developers to start taking more responsibility for security, but there’s this gap between what they want to find and what they’re capable of finding,” he explained. “The role of PullRequests here is to bring security expertise into the developer workflow where they need it most.”
When Rice approached PullRequest creator and CEO Lyal Avery about a prospective alliance in September last year, he didn’t realize they were actually competing. However, the two corporations initiated a conversation immediately after that, which resulted in the purchase. According to Crunchbase records, PullRequest was founded in 2017 and raised about $13 million. In 2018, the company raised $8 million in a Series a round. Avery claims to have a network of 10,000 approved reviewers, with roughly 1000 of them actively reviewing. HackerOne has taken on all 12 staff. The transaction was completed last week. Neither firm is willing to reveal the acquisition price.