HackerOne https://www.hackerone.com/blog.rss The HackerOne Blog en

Transparency Builds Trust
https://www.hackerone.com/blog/transparency-builds-trust
Someone called it a “breach,” and the world took notice. Here is the story.
Fri, 06 Dec 2019 06:00:00 -0800 Jobert Abma https://hackerone.com/blog/transparency-builds-trust

How Bug Bounties Help You Shift Left
https://www.hackerone.com/blog/how-bug-bounties-help-you-shift-left
Tue, 26 Nov 2019 14:00:00 -0800 johnk https://hackerone.com/blog/how-bug-bounties-help-you-shift-left

HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution
https://www.hackerone.com/blog/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution
Thu, 21 Nov 2019 16:00:00 -0800 johnk https://hackerone.com/blog/hackerone-2019-cyber-catalyst-designated-cybersecurity-solution

8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection
Wed, 20 Nov 2019 14:00:00 -0800 johnk https://hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-sql-injection

How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers
https://www.hackerone.com/blog/how-risk-averse-dod-learned-stop-worrying-and-love-hackers
Tue, 19 Nov 2019 12:15:00 -0800 johnk https://hackerone.com/blog/how-risk-averse-dod-learned-stop-worrying-and-love-hackers

The World's Elite Hackers Share Tips and Insights
https://www.hackerone.com/blog/conversation-three-elite-hackers
Fri, 15 Nov 2019 13:00:00 -0800 johnk https://hackerone.com/blog/conversation-three-elite-hackers

LINE Launches Public Bug Bounty Program: Q&A with Security Engineer Robin Lunde
https://www.hackerone.com/blog/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde
Today, after three successful years running an independent bug bounty program, LINE launched a public bug bounty program on HackerOne. To learn more about the popular messaging app’s security strategy and commitment to the hacker community, we sat down with security engineers Robin Lunde, Koh You Liang and Keitaro Yamazaki. Read on for a glimpse into our conversation.
Thu, 14 Nov 2019 22:00:00 -0800 johnk https://hackerone.com/blog/line-launches-public-bug-bounty-program-qa-security-engineer-robin-lunde

Supporting the Source: Why HackerOne is Upgrading its Free Tools for Open Source
https://www.hackerone.com/blog/supporting-source-why-hackerone-upgrading-its-free-tools-open-source
Open source software powers HackerOne. As part of our mission to make the internet safer, we want to make it easier for your open source project to remain secure, so we’re joining GitHub Security Lab. Read on for more on why we’re joining, new free offerings for open source projects from HackerOne, and new open source targets for hackers from GitHub and HackerOne.
Thu, 14 Nov 2019 10:15:00 -0800 johnk https://hackerone.com/blog/supporting-source-why-hackerone-upgrading-its-free-tools-open-source

Announcing Program Audit Log
https://www.hackerone.com/blog/announcing-program-audit-log
As our customers’ security teams grow, it’s important for us to sustain their growth with new features. Today we’re announcing the Program Audit Log. It enables customers to audit important actions that were taken in their program, such as permission updates, new members, bounty rewards, and program settings. Read on for more!
Thu, 14 Nov 2019 06:55:55 -0800 johnk https://hackerone.com/blog/announcing-program-audit-log

Reducing Risk With a Bug Bounty Program
https://www.hackerone.com/blog/reducing-risk-bug-bounty-program
Mon, 11 Nov 2019 11:15:00 -0800 johnk https://hackerone.com/blog/reducing-risk-bug-bounty-program

U.S. Department of Defense VDP Wins Prestigious 2019 DoD Chief Information Officer Award
https://www.hackerone.com/blog/us-department-defense-vdp-wins-prestigious-2019-dod-chief-information-officer-award-0
On Nov. 3, 2019, in the Pentagon Auditorium, the DoD Cyber Crime Center (DC3) Vulnerability Disclosure Program (VDP) was awarded the 2019 DoD Chief Information Officer (CIO) award for Cybersecurity. Over the past three years, the VDP on HackerOne has processed more than 11,000 vulnerabilities discovered by researchers within DoD’s public-facing websites.
Mon, 11 Nov 2019 08:00:00 -0800 johnk https://hackerone.com/blog/us-department-defense-vdp-wins-prestigious-2019-dod-chief-information-officer-award-0

Hacking the Singapore Government: A Q&A With A Top Hacker & MINDEF 2.0 Results
https://www.hackerone.com/blog/hacking-singapore-government-qa-top-hacker-mindef-20-results
On Friday, HackerOne announced the results of the second bug bounty challenge with the Ministry of Defence, Singapore (MINDEF). The three-week challenge ran from September 30, 2019 to October 21, 2019, and saw participation from over 300 trusted hackers from around the world — 134 local Singaporean hackers and 171 international ethical hackers. HackerOne sat down with @SpaceRacoon to chat about MINDEF Singapore’s bug bounty challenge, what it takes to be a top hacker, the future of bug bounty, and more. Read on to hear more!
Thu, 07 Nov 2019 18:00:00 -0800 johnk https://hackerone.com/blog/hacking-singapore-government-qa-top-hacker-mindef-20-results

8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Information Disclosure
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-information-disclosure
Thu, 07 Nov 2019 16:00:00 -0800 johnk https://hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-information-disclosure

Scaling Security: From Startup to Unicorn
https://www.hackerone.com/blog/scaling-security-startup-unicorn-0
Wed, 06 Nov 2019 14:00:00 -0800 johnk https://hackerone.com/blog/scaling-security-startup-unicorn-0

Why Laurie Mercer Became a Security Engineer at HackerOne
https://www.hackerone.com/blog/why-laurie-mercer-became-security-engineer-hackerone
Mon, 04 Nov 2019 09:10:00 -0800 johnk https://hackerone.com/blog/why-laurie-mercer-became-security-engineer-hackerone

Security@ Fireside Chat: Insights from Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/security-fireside-chat-insights-phil-venables-goldman-sachs
Fri, 01 Nov 2019 13:45:00 -0700 johnk https://hackerone.com/blog/security-fireside-chat-insights-phil-venables-goldman-sachs

Keynote with Phil Venables of Goldman Sachs
https://www.hackerone.com/blog/keynote-phil-venables-goldman-sachs
Thu, 31 Oct 2019 17:00:09 -0700 johnk https://hackerone.com/blog/keynote-phil-venables-goldman-sachs

Q&A with HackerOne's New Vice President, APAC, Attley Ng
https://www.hackerone.com/blog/qa-hackerones-new-vice-president-apac-attley-ng
Tue, 29 Oct 2019 18:00:00 -0700 johnk https://hackerone.com/blog/qa-hackerones-new-vice-president-apac-attley-ng

Lowering Your Pentesting Fees with HackerOne
https://www.hackerone.com/blog/lowering-your-pentesting-fees-hackerone-challenge
Mon, 28 Oct 2019 16:00:00 -0700 johnk https://hackerone.com/blog/lowering-your-pentesting-fees-hackerone-challenge

Slack Increases Minimum Bounties for High and Critical Bugs for 30 Days
https://www.hackerone.com/blog/slack-increases-minimum-bounties-high-and-critical-bugs-30-days
Over the past five years, Slack and HackerOne have established a partnership and commitment to ensure Slack’s platform is secure for its over 12 million daily active users. To build on this momentum and engage top researchers from the HackerOne community, Slack is increasing its minimum bounties for High and Critical findings to $2500 and $5000 respectively for a limited time. Read on to learn more!
Mon, 28 Oct 2019 08:00:00 -0700 johnk https://hackerone.com/blog/slack-increases-minimum-bounties-high-and-critical-bugs-30-days

8 High-Impact Bugs and How HackerOne Customers Avoided a Breach: Privilege Escalation
https://www.hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-privilege-escalation
Fri, 25 Oct 2019 09:49:00 -0700 johnk https://hackerone.com/blog/8-high-impact-bugs-and-how-hackerone-customers-avoided-breach-privilege-escalation

Top Four Reasons Your Management Should Look into Hacker-Powered Security
https://www.hackerone.com/blog/top-four-reasons-your-management-should-look-hacker-powered-security
Thu, 24 Oct 2019 10:00:00 -0700 johnk https://hackerone.com/blog/top-four-reasons-your-management-should-look-hacker-powered-security

HackerOne Congratulates the Department of Defense on 11K Vulnerability Reports
https://www.hackerone.com/blog/hackerone-congratulates-department-defense-11k-vulnerability-reports
Tue, 22 Oct 2019 09:00:00 -0700 johnk https://hackerone.com/blog/hackerone-congratulates-department-defense-11k-vulnerability-reports

Through a Hacker's Eyes: Recapping h1-604
https://www.hackerone.com/blog/through-hackers-eyes-recapping-h1-604
For the first time ever, a hacker writes a live hacking recap blog, highlighting what it is like to attend a live event. Katie (@InsiderPhD) gives a first-person narrative of h1-604. From seeing a bear for the first time to collaborating closely with peers, Katie covers all the adventures of heading to Vancouver, Canada to hunt bugs.
Mon, 21 Oct 2019 11:56:58 -0700 johnk https://hackerone.com/blog/through-hackers-eyes-recapping-h1-604

Highlights from our Biggest and Best Security@ Conference
https://www.hackerone.com/blog/highlights-third-security-conference
Fri, 18 Oct 2019 14:00:00 -0700 johnk https://hackerone.com/blog/highlights-third-security-conference

Improve Compliance Testing Results with HackerOne Challenge
https://www.hackerone.com/blog/improving-compliance-testing-results-hackerone-challenge
Thu, 17 Oct 2019 16:10:00 -0700 johnk https://hackerone.com/blog/improving-compliance-testing-results-hackerone-challenge

Tell Your Hacker Story with the Redesigned Profile Pages
https://www.hackerone.com/blog/tell-your-hacker-story-redesigned-profile-pages
Wed, 16 Oct 2019 10:00:00 -0700 johnk https://hackerone.com/blog/tell-your-hacker-story-redesigned-profile-pages

3 Ways Hacker-Powered Security Helps the Agile CISO
https://www.hackerone.com/blog/3-ways-hacker-powered-security-helps-agile-ciso
Fri, 11 Oct 2019 15:00:00 -0700 johnk https://hackerone.com/blog/3-ways-hacker-powered-security-helps-agile-ciso

More Than Bounty: Beating Burnout with Hacker-Powered Security
https://www.hackerone.com/blog/more-bounty-beating-burnout-hacker-powered-security
Fri, 04 Oct 2019 14:00:00 -0700 johnk https://hackerone.com/blog/more-bounty-beating-burnout-hacker-powered-security

Breaking Down the Benefits of Hacker-Powered Pentests
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pentests
Mon, 30 Sep 2019 13:00:00 -0700 johnk https://hackerone.com/blog/breaking-down-benefits-hacker-powered-pentests

PayPal Celebrates Its First Anniversary on HackerOne
https://www.hackerone.com/blog/paypal-celebrates-its-first-anniversary-hackerone
It’s been a year since PayPal transitioned its Bug Bounty program to HackerOne. During that time, PayPal has paid out more than $1.5 million in bounties to the hacker community. In this post Ray Duran, manager of PayPal’s Bug Bounty team, reflects on PayPal’s journey, shares some exciting changes to the program and discusses what’s to come.
Thu, 26 Sep 2019 08:00:00 -0700 johnk https://hackerone.com/blog/paypal-celebrates-its-first-anniversary-hackerone

GitLab: Reducing the time to payout and a bug bounty anniversary contest
https://www.hackerone.com/blog/gitlab-reducing-time-payout-and-bug-bounty-anniversary-contest
In just nine months since going public, GitLab's bug bounty program has seen substantial contributions from the HackerOne community. Over that period, researchers have submitted 1016 reports and GitLab has paid out $395,000 in bounties. Leading up to the one-year anniversary of GitLab's public program, they've changed their bounty payout timeline based on hacker feedback, are spotlighting some of their top contributors, and launched a contest open for all! Check it out.
Wed, 25 Sep 2019 11:30:00 -0700 johnk https://hackerone.com/blog/gitlab-reducing-time-payout-and-bug-bounty-anniversary-contest

Announcing the Security@ San Francisco 2019 Agenda
https://www.hackerone.com/blog/announcing-security-san-francisco-2019-agenda
The agenda for the third annual hacker-powered security conference, Security@ San Francisco, is live! Security@ is the only conference dedicated to the booming hacker-powered security industry, where hackers and leaders come together to build a safer internet. The conference takes place on October 15, 2019 at the Palace of Fine Arts and will include talks by security leaders from some of the most innovative security teams. In addition, hackers from all over the world will discuss lessons learned from defending the front lines, scaling security teams, and addressing the talent gap. 2019 promises to be our largest event yet!
Wed, 18 Sep 2019 06:00:00 -0700 johnk https://hackerone.com/blog/announcing-security-san-francisco-2019-agenda

How HackerOne Fits into the Dev Tools You Know and Love
https://www.hackerone.com/blog/how-hackerone-fits-dev-tools-you-know-and-love
Tue, 17 Sep 2019 12:30:00 -0700 johnk https://hackerone.com/blog/how-hackerone-fits-dev-tools-you-know-and-love

How Companies Like Facebook Find the Bugs that Matter
https://www.hackerone.com/blog/how-companies-facebook-find-bugs-matter
Mon, 09 Sep 2019 08:45:00 -0700 johnk https://hackerone.com/blog/how-companies-facebook-find-bugs-matter

Hacking with Valor: Why We Raised $36.4M with Valor Equity Partners
https://www.hackerone.com/blog/investors-love-hackers-why-we-raised-364m-valor-equity-partners
Our civilization is going digital. That’s fantastic. Unfortunately, our software is not secure enough to carry a digital and connected civilization. When systems get breached, people can’t trust the digital world. In a way, we try to do too much. Our innovation is outpacing security and privacy. Something must be done. This is the HackerOne commitment: As long as our digital world is plagued by vulnerabilities, we will continue to hack for the good of our connected society.
Sun, 08 Sep 2019 08:00:00 -0700 Mårten Mickos https://hackerone.com/blog/investors-love-hackers-why-we-raised-364m-valor-equity-partners

Upserve Resolves Over 85 Bugs in Two Years Thanks to Hackers
https://www.hackerone.com/blog/upserve-resolves-over-85-bugs-two-years-thanks-hackers
It’s been two years since Upserve launched its public bug bounty program on HackerOne. During that time, Upserve’s security team has resolved over 85 valid vulnerabilities thanks to hackers, paying $68,000 in bounties along the way. To celebrate the milestone, we sat down with Upserve’s Information Security Officer Bryan Brannigan to look back on humble beginnings, learn more about how they incorporate hackers in their security initiatives, and discuss how they’ve increased engagement through public disclosures. Take a look!
Thu, 05 Sep 2019 08:00:00 -0700 johnk https://hackerone.com/blog/upserve-resolves-over-85-bugs-two-years-thanks-hackers

Why Hacker-Powered Security is the Answer to Every Security Questionnaire
https://www.hackerone.com/blog/why-hacker-powered-security-right-answer-every-security-questionnaire
Every company targeting mid-size or larger companies is bound to experience the joys of the formal security questionnaire. And as security becomes more top of mind across every company, these security questionnaires will likely become more popular and more involved...
Wed, 04 Sep 2019 08:00:00 -0700 johnk https://hackerone.com/blog/why-hacker-powered-security-right-answer-every-security-questionnaire

Bringing the Heat to Vegas: Recapping record-breaking h1-702
https://www.hackerone.com/blog/bringing-heat-vegas-recapping-record-breaking-h1-702
HackerOne hosted their largest live hacking event to date in Las Vegas, Nevada. With Hacker Summer Camp in the background, h1-702 broke several records, including paying out nearly two million in bounties to hackers over the three days.
Tue, 03 Sep 2019 08:00:00 -0700 johnk https://hackerone.com/blog/bringing-heat-vegas-recapping-record-breaking-h1-702

HackerOne Praised By An Original Hacker
https://www.hackerone.com/blog/hackerone-praised-original-hacker
Steve Gibson, a security researcher who started hacking technology as a child, recently gave HackerOne high praise for helping to secure companies with bug bounty programs. We’re proud when our dedicated team gets the praise they deserve from those in the industry.
Fri, 30 Aug 2019 14:00:00 -0700 johnk https://hackerone.com/blog/hackerone-praised-original-hacker

Meet Six Hackers Making Seven Figures
https://www.hackerone.com/blog/meet-six-hackers-making-seven-figures
A mere five months after 19-year-old Argentinian Santiago Lopez crossed the $1 million bounty mark, five more hackers from across the globe have now each earned over $1 million in bounties with HackerOne.
Thu, 29 Aug 2019 03:00:00 -0700 johnk https://hackerone.com/blog/meet-six-hackers-making-seven-figures

Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne
https://www.hackerone.com/blog/hacker-powered-data-security-weaknesses-and-embracing-risk-hackerone
Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 7 years of data from 1,400 bug bounty programs & 360,000+ valid vulnerabilities, this post offers a new analysis of the most common vulnerabilities not found on the OWASP top 10.
Mon, 26 Aug 2019 03:00:00 -0700 johnk https://hackerone.com/blog/hacker-powered-data-security-weaknesses-and-embracing-risk-hackerone

Don’t Believe These 4 Bug Bounty Myths
https://www.hackerone.com/blog/dont-believe-these-4-bug-bounty-myths
Thu, 22 Aug 2019 10:00:00 -0700 johnk https://hackerone.com/blog/dont-believe-these-4-bug-bounty-myths

Black Hat 2019: Highlights from the Biggest and Best Yet
https://www.hackerone.com/blog/black-hat-2019-highlights-biggest-and-best-yet
Black Hat 2019 was the biggest and best yet. Over 20,000 attendees heated up Las Vegas with provocative training sessions, innovative presentations, and record-breaking live hacking events.
Mon, 19 Aug 2019 13:00:00 -0700 johnk https://hackerone.com/blog/black-hat-2019-highlights-biggest-and-best-yet

The Security Vendors Startups like Lob Can't Live Without
https://www.hackerone.com/blog/security-vendors-startups-lob-cant-live-without
Mon, 29 Jul 2019 10:07:00 -0700 johnk https://hackerone.com/blog/security-vendors-startups-lob-cant-live-without

GraphQL Week on The Hacker101 Capture the Flag Challenges
https://www.hackerone.com/blog/graphql-week-hacker101-capture-flag-challenges
Recently we rolled out 3 separate GraphQL-based Hacker101 Capture the Flag challenges. These are valuable educational resources for hackers and developers alike, improving bug hunting capability and helping developers prevent security missteps when implementing GraphQL.
Wed, 17 Jul 2019 08:00:00 -0700 Cody Brocious https://hackerone.com/blog/graphql-week-hacker101-capture-flag-challenges

Live Hacking Events: Stats, invitations, and what’s next
https://www.hackerone.com/blog/live-hacking-events-stats-invitations-and-whats-next
Live hacking events are an experience unlike any other. This post is about how you can increase your chances of being invited to hack. We dive into the history of live hacking events and some of the criteria that are taken into consideration.
Mon, 15 Jul 2019 07:00:00 -0700 luke https://hackerone.com/blog/live-hacking-events-stats-invitations-and-whats-next

London Called, Hackers Answered: Recapping h1-4420
https://www.hackerone.com/blog/london-called-hackers-answered-recapping-h1-4420
Uber partnered with us for their third live hacking event in London, paying out over $375,000 in bounties to hackers who found more than 150 unique vulnerabilities across Uber, Uber Restaurants and Uber Freight.
Wed, 03 Jul 2019 00:00:00 -0700 johnk https://hackerone.com/blog/london-called-hackers-answered-recapping-h1-4420

Speakers Wanted: Security@ San Francisco 2019
https://www.hackerone.com/blog/speakers-wanted-security-san-francisco-2019
Security@ San Francisco 2019 is taking place October 15 and we are stoked to announce our first ever call for speakers! The deadline to submit is August 16.
Fri, 21 Jun 2019 09:00:00 -0700 johnk https://hackerone.com/blog/speakers-wanted-security-san-francisco-2019

Verizon Media Webinar Recap: Attack Surface Visibility & Reducing Risk
https://www.hackerone.com/blog/verizon-media-webinar-recap-attack-surface-visibility-reducing-risk
Bug bounty tips from a Paranoid: hackers as an extension of your security team, honoring the security page as a contract with hackers, investing in the community through things like Live Hacking events, and using the outside perspective from the hacker community to strengthen their entire SDLC.
Wed, 19 Jun 2019 08:00:00 -0700 HackerOne https://hackerone.com/blog/verizon-media-webinar-recap-attack-surface-visibility-reducing-risk

Breaking Down the Benefits of Hacker-Powered Pen Tests
https://www.hackerone.com/blog/breaking-down-benefits-hacker-powered-pen-tests
Breaking down the benefits of hacker-powered pen tests from the recent Forrester report. The most important benefit was finding more vulnerabilities, both in terms of numbers and criticality, in order to remediate them and create better system security.
Wed, 12 Jun 2019 09:00:00 -0700 HackerOne https://hackerone.com/blog/breaking-down-benefits-hacker-powered-pen-tests

The HackerOne Top 10 Most Impactful and Rewarded Vulnerability Types
https://www.hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types
We’ve put together a list of the most impactful vulnerabilities on the HackerOne platform so you can see where to aim your security efforts and how to better align your security team to today’s biggest risks. Learn which vulnerabilities aren’t in the OWASP Top 10 and see the top vulnerabilities submitted by volume, bounty awards, and more.
Tue, 11 Jun 2019 06:30:00 -0700 HackerOne https://hackerone.com/blog/hackerone-top-10-most-impactful-and-rewarded-vulnerability-types

Improving Your Workflows and Analysis with Custom Fields
https://www.hackerone.com/blog/improving-your-workflows-and-analysis-custom-fields
HackerOne is thrilled to release Custom Fields, the latest way to sharpen security workflows and software development cycles. Custom Fields empowers teams to gain new insights into data by adding details such as ownership, risk category and root cause to vulnerability reports.
Thu, 06 Jun 2019 11:00:00 -0700 Martijn Russchen https://hackerone.com/blog/improving-your-workflows-and-analysis-custom-fields

Cloud Security Alliance Webinar Recap: Avoid the Breach with Shopify’s Andrew Dunbar
https://www.hackerone.com/blog/cloud-security-alliance-webinar-recap-avoid-breach-shopifys-andrew-dunbar
Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Shopify's Vice President of Security Engineering and IT, Andrew Dunbar, and HackerOne’s Luke Tucker discuss best practices for testing and securing cloud-based web applications.
Mon, 03 Jun 2019 10:00:00 -0700 HackerOne https://hackerone.com/blog/cloud-security-alliance-webinar-recap-avoid-breach-shopifys-andrew-dunbar

When Moving To the Cloud, Don’t Leave Basic Security Behind
https://www.hackerone.com/blog/when-moving-cloud-dont-leave-basic-security-behind
How to break into a serverless application, a TestLabs blog review. We’ll also discuss why changes in technology don’t change security best practices.
Thu, 30 May 2019 09:00:00 -0700 johnk https://hackerone.com/blog/when-moving-cloud-dont-leave-basic-security-behind

Grand Rounds VP InfoSec: Achieving SOC 2 Type II Compliance with Hacker-Powered Security
https://www.hackerone.com/blog/grand-rounds-vp-infosec-achieving-soc-2-type-ii-compliance-hacker-powered-security
Grand Rounds is an innovative new healthcare company using hacker-powered security for better, more effective pen tests. Learn how HackerOne Compliance meets HIPAA, SOC 2, and other security testing needs.
Tue, 28 May 2019 09:00:00 -0700 johnk https://hackerone.com/blog/grand-rounds-vp-infosec-achieving-soc-2-type-ii-compliance-hacker-powered-security

Automate Workflows with Enhanced Jira Integration
https://www.hackerone.com/blog/automate-workflows-enhanced-jira-integration
Integrating with Jira has always been an important piece of integrating HackerOne into the SDLC of our customers. HackerOne’s bi-directional Jira integration is currently in use by many of our customers and today we’re announcing how it’s getting even better.
Tue, 28 May 2019 07:00:00 -0700 Martijn Russchen https://hackerone.com/blog/automate-workflows-enhanced-jira-integration

Taking The Guesswork Out of Vulnerability Reporting
https://www.hackerone.com/blog/taking-guesswork-out-of-vulnerability-reporting
To make vulnerability disclosure easier on open source maintainers, GitHub and HackerOne are collaborating to help close the gap between the hacker community and software engineers.
Thu, 23 May 2019 06:00:00 -0700 Jobert Abma https://hackerone.com/blog/taking-guesswork-out-of-vulnerability-reporting

See Your Success In Real Time with the new Program Dashboard
https://www.hackerone.com/blog/see-your-success-in-real-time-with-the-new-program-dashboard
Effective security programs are more efficient when backed with clear reports that both technical and business teams understand. The HackerOne program dashboard delivers real-time insights into the program metrics that matter most to your programs, such as submission status, bounty spent, exploit severity, asset weaknesses, program health, and more.
Wed, 22 May 2019 07:00:00 -0700 Martijn Russchen https://hackerone.com/blog/see-your-success-in-real-time-with-the-new-program-dashboard

Companies Moving to HackerOne Challenge from Traditional Pen Testing See 115% ROI, Improved Customer Satisfaction, Better Security, Says New Forrester Report
https://www.hackerone.com/blog/companies-moving-hackerone-challenge-traditional-pen-testing-see-115-roi-improved-customer
Based on interviews with multiple HackerOne Challenge customers, Forrester calculates a savings of more than $500,000 over three years compared to traditional pen testing. The Forrester report also finds that moving to HackerOne Challenge increases customer satisfaction and retention and greatly improves security, reducing the likelihood of a security breach.
Tue, 14 May 2019 08:00:00 -0700 johnk https://hackerone.com/blog/companies-moving-hackerone-challenge-traditional-pen-testing-see-115-roi-improved-customer

Inside the GitLab public bug bounty program
https://www.hackerone.com/blog/inside-gitlab-public-bug-bounty-program
Since launching GitLab’s public bug bounty program in December 2018, their team has resolved 95 security findings, awarded more than $300,000 in bounties and rewarded over 35 hackers for those findings. The overarching goal of their bug bounty program is to make their products and services more secure. In this guest post, Senior Director of Security Kathy Wang shares the early success they’ve seen to date.
Tue, 30 Apr 2019 09:00:00 -0700 johnk https://hackerone.com/blog/inside-gitlab-public-bug-bounty-program

Hacking Dropbox Live in the Heart of Singapore at h1-65
https://www.hackerone.com/blog/hacking-dropbox-live-heart-singapore-h1-65
Dropbox joined us as the participating company, paying out over $330,000 in bounties to hackers who found 264 vulnerabilities across Dropbox, Dropbox Paper, newly-acquired HelloSign, and third-party vendors that work with Dropbox.
Mon, 29 Apr 2019 09:00:00 -0700 johnk https://hackerone.com/blog/hacking-dropbox-live-heart-singapore-h1-65

PayPal Thanks Hackers with $1 Million in 7 Months on HackerOne
https://www.hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0
Since launching an independently run bug bounty program in 2012, PayPal’s program has evolved several times over, including transitioning to a platform, HackerOne, in 2018 to expand participation from 2,000 hackers to over 300,000 hackers on the platform. In just 6 months, we’re proud to announce that PayPal has paid over $1 million to hackers through HackerOne. It’s quite a milestone for us, and so much more than a dollar figure.
Thu, 25 Apr 2019 08:00:00 -0700 johnk https://hackerone.com/blog/paypal-thanks-hackers-1-million-7-months-hackerone-0

Priceline Launches Public Bug Bounty Program: Q&A with Matt Southworth
https://www.hackerone.com/blog/priceline-launches-public-bug-bounty-program-qa-matt-southworth
Today, Priceline launched its public bug bounty program on HackerOne, including Priceline’s e-commerce site, Priceline.com, PPN affiliate sites and mobile apps. We sat down with Matt to learn more about their program, prioritizing customer trust, what it’s like working with hackers, and more. Check it out!
Tue, 23 Apr 2019 09:00:00 -0700 johnk https://hackerone.com/blog/priceline-launches-public-bug-bounty-program-qa-matt-southworth

Announcing the Community T-shirt Winner(s)
https://www.hackerone.com/blog/announcing-community-t-shirt-winners-0
Hackers submitted amazing designs for the first ever community t-shirt contest! @akaash2397 received the most votes among the three finalists for his Bug Hunter design.
Fri, 19 Apr 2019 00:00:00 -0700 johnk https://hackerone.com/blog/announcing-community-t-shirt-winners-0

Learn How HackerOne Can Help You Crawl, Walk, or Run Your Way to a Bug Bounty Program
https://www.hackerone.com/blog/learn-how-hackerone-can-help-you-crawl-walk-or-run-your-way-bug-bounty-program
No matter your company size or security team bandwidth, learn how to get a bug bounty program started with advice from those who’ve launched hundreds of new programs. This webinar explains how to get a program started at your own pace, what you need to think about before you start, and how you can control the program’s impact on your existing infrastructure. It’s only 25 minutes, so grab a coffee, take a break, and watch it now.
Tue, 16 Apr 2019 13:00:00 -0700 johnk https://hackerone.com/blog/learn-how-hackerone-can-help-you-crawl-walk-or-run-your-way-bug-bounty-program

What the California Consumer Privacy Act Means For You
https://www.hackerone.com/blog/What-CCPA-Means-You
The collection of personal data and the privacy issues surrounding it have been a hot topic the past several years, especially in the security industry. Governments are taking notice and new regulations are appearing. The new California Consumer Privacy Act (CCPA) is a regulation requiring certain organizations to protect the personal data and privacy of California consumers. HackerOne can help you.
Tue, 09 Apr 2019 09:00:00 -0700 johnk https://hackerone.com/blog/What-CCPA-Means-You

Hackers have earned more than $50M in bug bounty cash on HackerOne: Time to celebrate!
https://www.hackerone.com/blog/Hackers-have-earned-more-50M-bug-bounty-cash-HackerOne-Time-celebrate
Hackers, congratulate yourselves on an incredible milestone, earning $50M+ for your contributions to a safer internet. HackerOne’s mission is to empower the world to build a safer internet, and you are the heroic individuals making that mission a day-to-day reality. Thank you for inspiring us with your creativity and talents. Keep pursuing the flags, squashing the bugs, and sharing the knowledge. Together. We. Hit. Harder. Happy hacking one and all!
Mon, 08 Apr 2019 09:00:00 -0700 Anonymous https://hackerone.com/blog/Hackers-have-earned-more-50M-bug-bounty-cash-HackerOne-Time-celebrate

How Hackers Define “Hacker”
https://www.hackerone.com/blog/How-Hackers-Define-Hacker
Dictionary definitions tend to conflate “hacker” with “criminal”. We know that’s definitely not the case, but we wanted to know what hackers think. We combed through more than three dozen interviews to determine and share the true definition of “hacker” from hackers themselves.
Thu, 04 Apr 2019 09:00:00 -0700 johnk https://hackerone.com/blog/How-Hackers-Define-Hacker

Hacker-Powered Security, Government Support Needed to Protect Financial Services Consumers from Application Vulnerabilities
https://www.hackerone.com/blog/Hacker-Powered-Security-Government-Support-Needed-Protect-Financial-Services-Consumers
What is the current state of security in the financial sector? How can governments contribute to this security? These questions were addressed by Christopher Parsons in his testimony before the Standing Committee on Public Safety and National Security (SECU) in Canada. His testimony shines a light on some major issues facing the security community in Canada and across the world.
Wed, 03 Apr 2019 14:00:00 -0700 johnk https://hackerone.com/blog/Hacker-Powered-Security-Government-Support-Needed-Protect-Financial-Services-Consumers Product Updates and Enhancements https://www.hackerone.com/blog/Product-Update-Q1-2019 Tue, 02 Apr 2019 09:00:00 -0700 johnk https://hackerone.com/blog/Product-Update-Q1-2019 Airbnb and Verizon Media participate in 3rd annual h1-415 live hacking event including a cybersecurity mentorship program https://www.hackerone.com/blog/Airbnb-and-Verizon-Media-participate-3rd-annual-h1-415-live-hacking-event-including The power of collaboration came through full-force in our first live hacking event of 2019. Hosted over three days, we partnered with Airbnb and Verizon Media for hacking, mentoring, and celebrating the community. Mon, 01 Apr 2019 16:00:00 -0700 johnk https://hackerone.com/blog/Airbnb-and-Verizon-Media-participate-3rd-annual-h1-415-live-hacking-event-including Xiaomi Security Center Welcomes Security Research with HackerOne Partnership https://www.hackerone.com/blog/Xiaomi-Security-Center-Welcomes-Security-Research-HackerOne-Partnership Please welcome the Xiaomi Security Center to HackerOne! Xiaomi, one of the world’s largest consumer electronics manufacturers, is launching a vulnerability disclosure program (VDP) on April 1, 2019, welcoming vulnerability submissions for products and services under the brands of Xiaomi, Mijia, Mitu, and Redmi. Check it out! Sun, 31 Mar 2019 19:00:00 -0700 johnk https://hackerone.com/blog/Xiaomi-Security-Center-Welcomes-Security-Research-HackerOne-Partnership Security at Startup Speed: Enterprise Grade Security from the Start https://www.hackerone.com/blog/Security-Startup-Speed-Enterprise-Grade-Security-Start Startups today must adapt to a rapidly changing environment, completing security tasks along with code deploys and automating security scans as much as possible. But even with these measures, security vulnerabilities find a way to slip through the cracks. 
That’s where hacker-powered security can put out the embers of the fire you may have missed. Learn how hacker-powered security allows startups to launch smart. Thu, 14 Mar 2019 16:00:00 -0700 johnk https://hackerone.com/blog/Security-Startup-Speed-Enterprise-Grade-Security-Start Q&A with Brian Neely, CIO & CISO of AMERICAN SYSTEMS https://www.hackerone.com/blog/QA-Brian-Neely-CIO-CISO-AMERICAN-SYSTEMS As a defense contractor, AMERICAN SYSTEMS provides IT and engineering solutions for complex national priority programs for the U.S. government. As you can imagine, the sensitive programs and data they hold makes them heavily targeted by sophisticated, determined, highly resourced nation-state threat actors. Losing data would mean losing a competitive advantage on the battlefield. In short, lives could be at stake. That’s not your average security breach. We sat down with CIO and CISO Brian Neely to learn a bit more about how he’s seen the industry evolve, what’s next and how hacker-powered security fits into the matrix. Mon, 04 Mar 2019 07:00:00 -0800 johnk https://hackerone.com/blog/QA-Brian-Neely-CIO-CISO-AMERICAN-SYSTEMS The 2019 Hacker Report: Celebrating The World’s Largest Community of Hackers https://www.hackerone.com/blog/2019-Hacker-Report-Celebrating-Worlds-Largest-Community-Hackers The third annual Hacker Report includes the largest survey conducted to date of the ethical hacking community with hackers participating from over 100 countries and territories. Hackers are heroes, they are in it for the good and there is more opportunity than ever before. The 2019 Hacker Report shares the stories and celebrates the impact of the hacker community. 
Fri, 01 Mar 2019 09:16:00 -0800 johnk https://hackerone.com/blog/2019-Hacker-Report-Celebrating-Worlds-Largest-Community-Hackers @try_to_hack Makes History as First Bug Bounty Hacker to Earn over $1 Million https://www.hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million 19-year-old Argentinian @try_to_hack just made history as the first to earn over $1,000,000 in bounty awards on HackerOne. We connect with him to learn more about how he reached this impressive milestone. We hope you are just inspired as we are! Fri, 01 Mar 2019 00:00:00 -0800 johnk https://hackerone.com/blog/trytohack-Makes-History-First-Bug-Bounty-Hacker-Earn-over-1-Million Q&A with HackerOne’s VP of Customer Success Jeff McBride https://www.hackerone.com/blog/QA-HackerOnes-VP-Customer-Success-Jeff-McBride We sat down with HackerOne’s VP of Customer Success, Jeff McBride, to get more acquainted with his style of leadership, what customer success means to him, and his view of hacker-powered program management. Take a look at our conversation. Wed, 27 Feb 2019 08:00:00 -0800 johnk https://hackerone.com/blog/QA-HackerOnes-VP-Customer-Success-Jeff-McBride Program Insights from the PayPal Security Team https://www.hackerone.com/blog/Program-Insights-QA-PayPal-Security-Team PayPal’s security team is tasked with helping to protect personal financial information for millions of account holders every day. We sat down with PayPal Information Security Engineers Ray Duran, Sonal Shrivastava, and Pax Whitmore, and Project Manager Rebecca Francom to learn more about how PayPal works with researchers, what the journey of a bug looks like once it gets reported, and what findings are most impactful. 
Tue, 26 Feb 2019 08:00:00 -0800 johnk https://hackerone.com/blog/Program-Insights-QA-PayPal-Security-Team Introducing Hacker Task Manager and Statistics https://www.hackerone.com/blog/Introducing-Hacker-Task-Manager-and-Statistics We’re proud to announce the latest iteration of Hacker Dashboard today- Hacker Task Manager and Statistics! The Hacker Task Manager underlines our focus on helping new and upcoming hackers to onboard themselves on our platform. With the help of the Task Manager, hackers can educate themselves with help from Hacker101 and other educational resources to get closer to the goal of submitting a valid vulnerability report. Mon, 25 Feb 2019 07:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Introducing-Hacker-Task-Manager-and-Statistics Design the next HackerOne T-Shirt https://www.hackerone.com/blog/Design-next-HackerOne-T-Shirt We are very excited to open the first ever HackerOne community T-shirt design contest. Like crafting a creative exploit or spinning up photoshop to create a perfect meme, we know you’ve got some amazing ideas and we want to see them. We are looking for designs that reflect the spirit of our community. This can include ingenuity, diversity and the collaborative forces that make #TogetherWeHitHarder. Fri, 22 Feb 2019 02:10:00 -0800 johnk https://hackerone.com/blog/Design-next-HackerOne-T-Shirt Five years of the GitHub Bug Bounty program https://www.hackerone.com/blog/Five-years-GitHub-Bug-Bounty-program Over the past five years, GitHub has been continuously impressed by the hard work and ingenuity of the hacker community. Last year was no different. GitHub paid out $165,000 to researchers through their public bug bounty program in 2018. They decided to share some of their highlights from the past year and introduce some big changes in 2019: full legal protection for researchers, more GitHub properties eligible for rewards, and increased reward amounts. 
Wed, 20 Feb 2019 12:30:00 -0800 Katrina Dene https://hackerone.com/blog/Five-years-GitHub-Bug-Bounty-program HackerOne Hosts Rails Girls in Groningen https://www.hackerone.com/blog/HackerOne-Hosts-Rails-Girls-Groningen Following months of preparation, the day was finally here. HackerOne’s office in Groningen was hosting a Rails Girls global coding event. Born in Finland, Rails Girls is a global, non-profit volunteer community that aims to provide the right tools and a community for women to understand technology and to build their ideas. I am Stuti Srivastava, a senior product engineer at HackerOne and one of the organisers for the event, and this was my first experience at a Rails Girls event. Thu, 14 Feb 2019 06:00:00 -0800 Stuti Srivastava https://hackerone.com/blog/HackerOne-Hosts-Rails-Girls-Groningen FanDuel’s Liam Somerville on Prioritising Researchers as an Extension of the Security Team https://www.hackerone.com/blog/FanDuels-Liam-Somerville-Prioritising-Researchers-Extension-Security-Team FanDuel, the web-based fantasy sports game with traditional season-long fantasy sports leagues compressed into daily or weekly games of skill, is used by over 8 million members across the globe. With hundreds of millions of dollars being exchanged through weekly games, the small but mighty FanDuel security is tasked with defending enormous amounts of sensitive data all while meeting rigorous state and national regulations. Over the course of their bug bounty program, FanDuel has resolved about 85 vulnerabilities and paid out over $35,000 in gratitude to researchers. We dove a little deeper with Liam to learn more about how his security team of seven works with the researcher community to boost security and how researchers can maximize their earnings by being creative. 
Wed, 13 Feb 2019 09:00:00 -0800 johnk https://hackerone.com/blog/FanDuels-Liam-Somerville-Prioritising-Researchers-Extension-Security-Team How Hacker-Powered Security Protects Your Data, Even When Third Parties Don't https://www.hackerone.com/blog/How-Hacker-Powered-Security-Protects-Your-Data-Even-When-Third-Parties-Dont Providing third parties with access to privileged sites and information can expose companies to greater risk of data theft, with all the financial and reputational costs such breaches bring. Hacker-powered security programs like HackerOne Bounty let you focus tens to thousands of security researchers on the precise systems you care about most. Through careful design of the program page and bounty table, which tells hackers how much they will be paid to find different types of vulnerabilities in different systems, you can concentrate the HackerOne community on hardening the applications, authentication, and access control systems that third parties use.  Fri, 08 Feb 2019 15:00:00 -0800 johnk https://hackerone.com/blog/How-Hacker-Powered-Security-Protects-Your-Data-Even-When-Third-Parties-Dont Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program https://www.hackerone.com/blog/Alibaba-and-HackerOne-Join-Forces-Global-Vulnerability-Testing-Program Alibaba, one of the world’s largest Internet companies is joining HackerOne to tap into the technical expertise of the world’s best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne — a “metal medal of honor” – to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community. 
Tue, 05 Feb 2019 06:00:00 -0800 johnk https://hackerone.com/blog/Alibaba-and-HackerOne-Join-Forces-Global-Vulnerability-Testing-Program Introducing My Programs https://www.hackerone.com/blog/Introducing-My-Programs We’re proud to announce the release of My Programs, the next iteration of Hacker Dashboard. My Programs is a completely new page in the dashboard that replaces the old “accepted invitations” page. In addition to the accepted invitations, My Programs now lists all public programs you have previously submitted a report to. Mon, 04 Feb 2019 07:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Introducing-My-Programs Brace yourself: $50 Million in Bounties is Coming—and we are celebrating the whole way there! https://www.hackerone.com/blog/Brace-yourself-50-Million-Bounties-Coming-and-we-are-celebrating-whole-way-there A huge milestone towards a safer internet, better lives, and communities for hackers, HackerOne is celebrating hackers and the path to $50M in bounties! Thu, 31 Jan 2019 16:00:00 -0800 Tiffany Long https://hackerone.com/blog/Brace-yourself-50-Million-Bounties-Coming-and-we-are-celebrating-whole-way-there Launching the Hacker Calendar, Never Miss a Challenge Again https://www.hackerone.com/blog/Launching-Hacker-Calendar-Never-miss-challenge-again Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. 
You can easily see all running challenges that you&#039;re part of and know their respective start and end dates.<br /> Wed, 30 Jan 2019 03:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Launching-Hacker-Calendar-Never-miss-challenge-again EU-FOSSA 2 Open Source Bug Bounty Programme Series | Q&A https://www.hackerone.com/blog/EU-FOSSA-2-Open-Source-Bug-Bounty-Programme-Series-QA Following the success of the European Commission’s pilot bug bounty programme with HackerOne last year, they are announcing the launch of a new bug bounty initiative involving open source software on a much larger scale. This bug bounty programme run by the EU-Free and Open Source Software Auditing (EU-FOSSA 2) project, aims to help EU institutions better protect their critical software. We recently chatted separately with Marek Przybyszewski and Saranjit Arora who are leading the EU-FOSSA 2 project. Tue, 29 Jan 2019 02:00:00 -0800 johnk https://hackerone.com/blog/EU-FOSSA-2-Open-Source-Bug-Bounty-Programme-Series-QA Riot Games Surpasses 1,000 Valid Reports: Q&A https://www.hackerone.com/blog/Riot-Games-Surpasses-1000-Valid-Reports-QA At the end of 2018, Riot Games surpassed one of the biggest milestones of its bug bounty program to-date: 1,000 valid vulnerabilities reported to the program. Today, the League of Legends maker celebrates 1,000 issues fixed and 1,000 opportunities to better protect their over 80 million players worldwide. We connected with Riot Games Security Engineer Diarmaid McManus to learn more about what the milestone means to him and the team, as well as the greater impact HackerOne’s community has had on their security practice. 
Thu, 24 Jan 2019 07:00:00 -0800 johnk https://hackerone.com/blog/Riot-Games-Surpasses-1000-Valid-Reports-QA Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities https://www.hackerone.com/blog/Open-Xchange-Approaches-3-Years-Bug-Bounties-250-Valid-Vulnerabilities Just shy of their third anniversary of bug bounties, web-based communication, collaboration and office productivity software company Open-Xchange (OX) is sharing the results of their program to-date. OX has seen nearly 250 valid vulnerabilities reported through the program and paid out over $80,000. Looking back, Security Officer Martin Heiland says bugs surfaced on HackerOne have cost about a tenth of what traditional pen testing has surfaced over the years. Wed, 23 Jan 2019 12:00:00 -0800 johnk https://hackerone.com/blog/Open-Xchange-Approaches-3-Years-Bug-Bounties-250-Valid-Vulnerabilities 5 Tips for an Effective AppSec Testing Strategy https://www.hackerone.com/blog/5-Tips-Effective-AppSec-Testing-Strategy Applications have become the lifeblood of businesses in today’s connected world. Software is now the “front door” into your business for many people around the world. Caution is required, though. Applications exposed to the internet are also exposed to shady characters out to exploit your systems for their benefit, often at the expense of your customers and your business. This blog shares 5 tips for an effective application security testing strategy. Tue, 22 Jan 2019 14:00:41 -0800 johnk https://hackerone.com/blog/5-Tips-Effective-AppSec-Testing-Strategy Quantopian Boosts Bounties for January: Q&A with CISO Jonathan Kamens https://www.hackerone.com/blog/Quantopian-Boosts-Bounties-January-QA-CISO-Jonathan-Kamens CISO Jonathan Kamens claims that their bug bounty program is the foundation of Quantopian’s application security practice, which helps protect its over 230,000 registered members. 
This morning, Quantopian announced they are temporarily increasing their bounties 1.5x their usual bounty structure and they’ve announced new additions to the site ripe for testing. We connected with Jonathan to dig into what makes the program successful and what it’s been like working with hackers over the years. Here’s a peek at what we learned. Tue, 15 Jan 2019 09:00:00 -0800 johnk https://hackerone.com/blog/Quantopian-Boosts-Bounties-January-QA-CISO-Jonathan-Kamens Your First 90 Days as Security Lead, Part 2: Developing a Plan and Getting to Work https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-2-Developing-Plan-and-Getting-Work You’ve just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role. Mon, 14 Jan 2019 05:27:07 -0800 johnk https://hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-2-Developing-Plan-and-Getting-Work Hyatt Launches Public Bug Bounty Program: Q&A with CISO Benjamin Vaughn https://www.hackerone.com/blog/Hyatt-Launches-Public-Bug-Bounty-Program-QA-CISO-Benjamin-Vaughn Today, Hyatt is launching its first public bug bounty program at HackerOne. To learn more about Hyatt’s program, their commitment to security and the hacker community, we sat down with Chief Information Security Officer Benjamin Vaughn. Wed, 09 Jan 2019 06:00:00 -0800 johnk https://hackerone.com/blog/Hyatt-Launches-Public-Bug-Bounty-Program-QA-CISO-Benjamin-Vaughn Introducing Indian Rupee payments: Cheaper and faster bank transfers https://www.hackerone.com/blog/Introducing-Indian-Rupee-payments-Cheaper-and-faster-bank-transfers We’re proud to announce that HackerOne now supports payments in Indian Rupees. 
The addition of Indian Rupees means we can now eliminate the roughly 5% conversion fee per bounty by using the “mid-market rate” to convert your bounties directly to Indian Rupees before sending them to your bank account. Wed, 09 Jan 2019 01:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Introducing-Indian-Rupee-payments-Cheaper-and-faster-bank-transfers What to Look For in a Penetration Testing Company https://www.hackerone.com/blog/What-Look-Penetration-Testing-Company-0 Penetration testing is one of the most widely used techniques to comply with security regulations and protect network and computing systems and users. Hacker-powered penetration tests are emerging as a more cost-effective way to harden applications. With HackerOne Challenge, selected hackers from our community are invited to find vulnerabilities in your systems, and you only pay for the verified vulnerabilities found.   Tue, 08 Jan 2019 09:35:59 -0800 johnk https://hackerone.com/blog/What-Look-Penetration-Testing-Company-0 Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation https://www.hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-1-Building-Your-Security-Foundation You’ve just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role. <br /> Mon, 07 Jan 2019 07:00:00 -0800 johnk https://hackerone.com/blog/Your-First-90-Days-Security-Lead-Part-1-Building-Your-Security-Foundation More Hackers Means Less To Worry About https://www.hackerone.com/blog/More-Hackers-Means-Less-Worry-About-0 With enough hackers, all security vulnerabilities are shallow. 
There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over $42M in rewards to the do-gooders - the hackers. We will end 2018 with a business that has grown 10X in just 3 years. Thu, 20 Dec 2018 08:00:00 -0800 Mårten Mickos https://hackerone.com/blog/More-Hackers-Means-Less-Worry-About-0 Oath’s Big Year of Bug Bounties Capped off with NYC Live Hacking Event https://www.hackerone.com/blog/Oaths-Big-Year-Bug-Bounties-Capped-NYC-Live-Hacking-Event In 2018, Oath has received over 1,900 valid vulnerabilities through its private bug bounty program, over 300 of which were high or critical severity. Big numbers mean big rewards — Oath has paid $5 million in bounties in 2018. It’s been a record year, including four live hacking events all over the world — Goa, San Francisco, Argentina, and a 2018 finale live hacking event in New York City on November 27-29. Tue, 18 Dec 2018 07:00:00 -0800 johnk https://hackerone.com/blog/Oaths-Big-Year-Bug-Bounties-Capped-NYC-Live-Hacking-Event GitLab’s Public Bug Bounty Program Kicks Off: Q&A with GitLab’s Kathy Wang & James Ritchey https://www.hackerone.com/blog/GitLabs-Public-Bug-Bounty-Program-Kicks-QA-GitLabs-Kathy-Wang-James-Ritchey Today, GitLab is launching their first public bug bounty program. After running a private bug bounty program and public vulnerability disclosure program (VDP) on HackerOne for over a year, the company resolved nearly 250 vulnerabilities thanks to the over 100 participating hackers. We sat down with GitLab&#039;s Director of Security Kathy Wang and Senior Application Security Engineer James Ritchey to dive into the evolution of GitLab&#039;s program over time, their decision to go public with their program, and how leveraging HackerOne&#039;s community has helped to find and fix security issues quickly. 
Wed, 12 Dec 2018 08:00:00 -0800 johnk https://hackerone.com/blog/GitLabs-Public-Bug-Bounty-Program-Kicks-QA-GitLabs-Kathy-Wang-James-Ritchey Grammarly’s Bug Bounty Program Goes Public: Q&A with VP of Engineering Joe Xavier https://www.hackerone.com/blog/Grammarlys-Bug-Bounty-Program-Goes-Public-QA-VP-Engineering-Joe-Xavier It’s been over a year since Grammarly launched its first bug bounty program on HackerOne. It’s been a private, invite-only program ever since. That is, until today! We sat down with the company’s VP of Engineering Joe Xavier to learn more about how the newly public bug bounty program fits into the team’s overall security strategy, what it’s like working with hackers, and any advice for other organizations considering the bug bounty model. Tue, 11 Dec 2018 07:00:00 -0800 johnk https://hackerone.com/blog/Grammarlys-Bug-Bounty-Program-Goes-Public-QA-VP-Engineering-Joe-Xavier Hacktivity Disclosure for Private Programs https://www.hackerone.com/blog/Hacktivity-Disclosure-Private-Programs With over 6,000 reports that have been disclosed on Hacktivity, we’re proud to announce that we’re launching Disclosure for Private Programs. Vulnerability reports can now be disclosed within a private program. Mon, 10 Dec 2018 09:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Hacktivity-Disclosure-Private-Programs Q&A with Flickr’s Senior Engineering Manager Alex Seville https://www.hackerone.com/blog/QA-Flickrs-Senior-Engineering-Manager-Alex-Seville As of November 2018, Flickr has been running its first independent bug bounty program, maintaining an average resolution time of just 4 days in the first month. We sat down with Flickr Senior Engineering Manager Alex Seville to learn more about his team’s commitment to working with the hacker community, how it fits into Flickr’s larger cybersecurity strategy, and what’s to come. 
Thu, 06 Dec 2018 08:00:00 -0800 johnk https://hackerone.com/blog/QA-Flickrs-Senior-Engineering-Manager-Alex-Seville Easy and secure Credential Management https://www.hackerone.com/blog/Easy-and-secure-Credential-Management The new credential management functionality enables program owners to share credentials with hackers in the program easily. It’s as simple as uploading a CSV with credentials, and a new button will appear on your program page from where hackers can download the credentials. When uploading the credentials, you can also give the hacker instructions on how to use them. This can be helpful in case the setup isn’t straightforward. Wed, 05 Dec 2018 08:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Easy-and-secure-Credential-Management Security@ 2018: Hackers Explain Why They Hack and How Orgs Benefit From What They Do https://www.hackerone.com/blog/Security-2018-Hackers-Explain-Why-They-Hack-and-How-Orgs-Benefit-What-They-Do At Security@ 2018, we invited these three hackers to participate in a panel discussion moderated by Bree Fowler, Electronics Team Editor at Consumer Reports. Each hacker, all of whom rank in the top 100 on the HackerOne platform, talked about what motivates them, what organizations can do to attract more of the best hackers, and how hacker-powered security makes the internet safer while also helping them be better hackers. Tue, 04 Dec 2018 09:00:00 -0800 johnk https://hackerone.com/blog/Security-2018-Hackers-Explain-Why-They-Hack-and-How-Orgs-Benefit-What-They-Do Test your hacking skills on real-world simulated bugs https://www.hackerone.com/blog/Test-your-hacking-skills-real-world-simulated-bugs Five sandbox environments of recently disclosed hacktivity reports available for anyone to test their hacking skills and see if they can replicate the same bug that was discovered. 
#hackon<br /> Tue, 04 Dec 2018 08:00:00 -0800 Cody Brocious https://hackerone.com/blog/Test-your-hacking-skills-real-world-simulated-bugs Introducing Hacker Dashboard: Your personalized HackerOne overview https://www.hackerone.com/blog/Introducing-Hacker-Dashboard-Your-personalized-HackerOne-overview Earlier this month, we introduced the all-new Program Directory with fresh metrics and better filtering. Now, we’re taking it a step further with the introduction of the Hacker Dashboard. Check it out! Wed, 28 Nov 2018 09:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Introducing-Hacker-Dashboard-Your-personalized-HackerOne-overview Hacker101 CTF++: Find flags, get private bug bounty program invitations https://www.hackerone.com/blog/Hacker101-CTF-Find-flags-get-private-bug-bounty-program-invitations Get rewarded with private invitations and work through the CTF as a group with our new release.<br /> Mon, 19 Nov 2018 09:00:00 -0800 Cody Brocious https://hackerone.com/blog/Hacker101-CTF-Find-flags-get-private-bug-bounty-program-invitations Shopify Awards $116,000 to Hackers in Canada: h1-514 Recap https://www.hackerone.com/blog/Shopify-Awards-116000-Hackers-Canada-h1-514-Recap Forty top hackers met in Montréal over the weekend to hack Canada-based Shopify. The commerce platform helps more than a half-million merchants spread across 90% of the world’s countries design, set-up, and manage their stores. During the live hacking event, dubbed h1-514, Shopify paid over $116,000 in bounties to hackers who helped surface 55 valid vulnerabilities to the program. Thu, 15 Nov 2018 06:49:37 -0800 johnk https://hackerone.com/blog/Shopify-Awards-116000-Hackers-Canada-h1-514-Recap Integrate HackerOne directly into your website with Embedded Submissions https://www.hackerone.com/blog/Integrate-HackerOne-directly-your-website-Embedded-Submissions Receiving vulnerabilities has never been easier with the release of our newest integration: Embedded Submissions! 
The form will be embedded directly on your website by simply adding one line of JavaScript on your web page. Wed, 14 Nov 2018 09:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Integrate-HackerOne-directly-your-website-Embedded-Submissions Examining the SEC’s Statement and Guidance on Cybersecurity Disclosures and A Look At Cyber Insurance Policies: Recommendations for Boards with Perspectives from Fenwick and West, Ernst and Young, and AXA XL Catlin https://www.hackerone.com/blog/year-ends-HackerOne-shares-its-recommendations-along-perspectives-Fenwick-and-West-EY-and-AXA As the year ends, management and Boards should evaluate their cybersecurity posture by examining the controls and procedures in place to prevent breaches, what would be considered a material breach, and cybersecurity topics that should be discussed at the Board level. Cyber insurance should also be considered.<br /> Wed, 14 Nov 2018 09:00:00 -0800 Debbie Chang https://hackerone.com/blog/year-ends-HackerOne-shares-its-recommendations-along-perspectives-Fenwick-and-West-EY-and-AXA Security@ 2018: Oath, DoD Highlight Value in Bringing Bug Bounties to Life https://www.hackerone.com/blog/Security-2018-Oath-DoD-Highlight-Value-Bringing-Bug-Bounties-Life Most hacker-powered security happens remotely, with digital messaging being the typical communication channel. There’s no brainstorming together with a whiteboard, no chats over coffee, no conversations during the walk across the street for lunch. 
One of the many benefits of Security@ is the chance to bring hackers, developers, and security teams together to meet in real life.
Tue, 13 Nov 2018 12:00:00 -0800 keely https://hackerone.com/blog/Security-2018-Oath-DoD-Highlight-Value-Bringing-Bug-Bounties-Life

Security@ 2018: Sumo Logic’s CSO On Transparency and Using Hacker-Powered Pen Tests for Better Security and Complete Compliance
https://www.hackerone.com/blog/Security-2018-Sumo-Logics-CSO-Transparency-and-Using-Hacker-Powered-Pen-Tests-Better-Security
At Security@ 2018, held in San Francisco in late October, Gerchow took the stage to share how Sumo Logic works with HackerOne to take a decidedly modern approach to security, using bug bounties as a tool in the arsenal and transparency as the common thread. Transparency, according to Gerchow, means that organizations must admit not only that bugs will always exist, but that the best way to reduce vulnerabilities is to share learnings and best practices with the broader community.
Fri, 09 Nov 2018 04:00:00 -0800 keely https://hackerone.com/blog/Security-2018-Sumo-Logics-CSO-Transparency-and-Using-Hacker-Powered-Pen-Tests-Better-Security

Discovering programs is easier than ever with the new and improved Program Directory
https://www.hackerone.com/blog/Discovering-programs-easier-ever-new-and-improved-Program-Directory
Today, we’re excited to announce a complete overhaul of our Program Directory! The new directory features a fresh design and more granular filters to find programs faster than ever. Let us know what you think!
Mon, 05 Nov 2018 09:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Discovering-programs-easier-ever-new-and-improved-Program-Directory

What To Do When You're Stuck Hacking
https://www.hackerone.com/blog/What-To-Do-When-You-Are-Stuck-Hacking
Hacking can be tedious work. Sometimes you’re looking for hours, perhaps days, and you’re unable to find a security vulnerability. It can be demotivating at times. This blog will give you multiple tips to power through it and regain that sweet, sweet feeling of submitting a security vulnerability.
Thu, 01 Nov 2018 08:00:00 -0700 Jobert Abma https://hackerone.com/blog/What-To-Do-When-You-Are-Stuck-Hacking

Financial Services: Tips for Bug Bounty Success
https://www.hackerone.com/blog/Financial-Services-Tips-Bug-Bounty-Success
Jason Pubal is an appsec director at a large financial services firm. Over the past 2 years, he’s prepared for and rolled out a successful bug bounty program with HackerOne. Here’s what he’s learned in the process and how you can prepare to launch your own bug bounty program.
Thu, 25 Oct 2018 01:00:00 -0700 HackerOne https://hackerone.com/blog/Financial-Services-Tips-Bug-Bounty-Success

The Best is Yet To Come: DOD Awards New Hack the Pentagon Contract to HackerOne
https://www.hackerone.com/blog/Best-Yet-Come-DOD-Awards-New-Hack-Pentagon-Contract-HackerOne
Today we celebrate cyber defense. The U.S. Department of Defense’s Defense Digital Service (DDS) announced expansion of the Hack the Pentagon crowdsourced security program and partnership with HackerOne. HackerOne is one of three vendors to be awarded a contract as part of the Hack the Pentagon expansion to run private assessments against sensitive, internal systems. This is in addition to HackerOne’s existing contract for public-facing assets. As we applaud the DoD’s continued effort to help drive security innovation, let us also revisit how far we’ve come together and what lies ahead.
Wed, 24 Oct 2018 09:00:00 -0700 Mårten Mickos https://hackerone.com/blog/Best-Yet-Come-DOD-Awards-New-Hack-Pentagon-Contract-HackerOne

The Paranoids at Oath Take Bug Bounties to Argentina: h1-5411 Recap
https://www.hackerone.com/blog/Paranoids-Oath-Take-Bug-Bounties-Argentina-h1-5411-Recap
HackerOne kicked off its first South America live hacking event in Buenos Aires, Argentina! Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall, opened up their assets to 53 hackers in their second live hacking event in 2018. Eight hours later, Oath had paid out over $260,000 in bounties to hackers for their contributions. Thank you to our hackers that literally weathered a storm to join us in Argentina for the first time.
Wed, 10 Oct 2018 09:30:00 -0700 Anonymous https://hackerone.com/blog/Paranoids-Oath-Take-Bug-Bounties-Argentina-h1-5411-Recap

Say Yes To Cyber Help
https://www.hackerone.com/blog/Say-Yes-Cyber-Help
We are seeing tremendous growth at HackerOne. Bug bounty programs, vulnerability disclosure policies, and crowdsourced pentests are needed by anyone entrusted with protecting customer data. To serve our rapidly expanding customer base, we have tripled our headcount in the past 12 months and opened new offices in New York, Washington D.C. and Singapore, in addition to our San Francisco, London and Netherlands offices. We have recently hired two outstanding executives. Debbie Chang joined as VP of Business Development and Policy to establish partnerships with those who care about cyber risk management. Jeff McBride joins as our new VP of Customer Success to expand that operation and build new advanced service offerings that make the most of the ingenuity and skill of our enormous hacker community. HackerOne is a company driven by our mission and united by our values.
Thu, 04 Oct 2018 09:00:00 -0700 Mårten Mickos https://hackerone.com/blog/Say-Yes-Cyber-Help

The U.S. Marine Corps Resolves Nearly 150 Vulnerabilities Thanks to Hackers
https://www.hackerone.com/blog/US-Marine-Corps-Resolves-Nearly-150-Vulnerabilities-Thanks-Hackers-2
Hack the Marine Corps, the U.S. Department of Defense’s (DoD) sixth public bug bounty challenge, officially concluded and the results are in! Over 100 ethical hackers tested public-facing Marine Corps websites and services in an effort to harden the defenses of the Marine Corps Enterprise Network (MCEN). Over the 20 days of the hacking challenge, hackers reported nearly 150 unique valid vulnerabilities to the U.S. Marine Corps Cyberspace Command (MARFORCYBER) team and were awarded over $150,000 for their findings.
Wed, 03 Oct 2018 08:00:00 -0700 johnk https://hackerone.com/blog/US-Marine-Corps-Resolves-Nearly-150-Vulnerabilities-Thanks-Hackers-2

The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 3: Logging, Monitoring, and Alerting in AWS
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-3
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: logging, monitoring, and alerting in an AWS environment. Discover the tools available to help you always know what is happening in your environment.
Wed, 26 Sep 2018 09:00:00 -0700 Justin Boyer https://hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-3

Say Hello to Security@ San Francisco 2018!
https://www.hackerone.com/blog/Say-Hello-Security-San-Francisco-2018
The annual hacker-powered security conference, Security@ San Francisco, is now open for registration! The one-day event will take place on October 24, 2018 and gather industry influencers, public and private sector leaders from some of the most advanced security teams, and hackers from all over the world to discuss everything from the legal implications of safe harbor to compliance to best practices driving security maturity across industries. It’s the largest conference of its kind dedicated to educating the community on hacker-powered security and sharing the lessons, learnings, and insights of those who are leading us into the modern era of cybersecurity.
Tue, 25 Sep 2018 08:00:00 -0700 johnk https://hackerone.com/blog/Say-Hello-Security-San-Francisco-2018

How Hacktivity Can Save Your Company: Experts Weigh In
https://www.hackerone.com/blog/How-Hacktivity-Can-Save-Your-Company-Experts-Weigh-In
Hacktivity can save your company. Take help from hackers. You can’t do it alone. Approach hackers with an assumption of benevolence, and develop relationships with them. Don’t find out about a vulnerability for the first time on Twitter. How do you defend yourself against people who get up in the morning, put on their flip flops (or military uniform) and do nothing but think about how to attack you? These were themes at the Atlantic Council’s panel on coordinated vulnerability disclosure (CVD) on September 18 in Washington, D.C.
Mon, 24 Sep 2018 10:00:00 -0700 Debbie Chang https://hackerone.com/blog/How-Hacktivity-Can-Save-Your-Company-Experts-Weigh-In

Hacker Q&A with André Baptista: From CTF Champ to h1-202 MVH
https://www.hackerone.com/blog/Hacker-QA-Andre-Baptista-CTF-Champ-h1-202-MVH
From CTF Champ to H1-202 MVH. André applied the creativity of CTFs to find and escalate bugs in the wild and hack his way to the Championship Belt less than a month after finding his first bug in the wild.
Fri, 21 Sep 2018 12:00:00 -0700 Tiffany Long https://hackerone.com/blog/Hacker-QA-Andre-Baptista-CTF-Champ-h1-202-MVH

Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne Response
https://www.hackerone.com/blog/Streamline-Every-Aspect-Your-VDP-HackerOne-Response
HackerOne Response is our turnkey solution offering enterprise-grade security and conformance with ISO-29147 (vulnerability disclosure) and ISO-30111 (vulnerability handling). It allows vulnerability management teams to work directly with external third parties to resolve critical security vulnerabilities before they can be exploited.
Fri, 21 Sep 2018 08:00:00 -0700 johnk https://hackerone.com/blog/Streamline-Every-Aspect-Your-VDP-HackerOne-Response

Top Firewall Misconfigurations that Lead to Easy Exploitations by Attackers
https://www.hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your cloud network secure. Discover how to protect your cloud networks from attackers.
Wed, 19 Sep 2018 08:00:00 -0700 Justin Boyer https://hackerone.com/blog/Top-Firewall-Misconfigurations-that-Lead-to-Easy-Exploitations

The AWS Shared Responsibility Model: 3 Areas of Improvement to Make Today, Part 1
https://www.hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-1-Keep-Your-Private-Keys
Migrating to the cloud means sharing responsibility for security with the cloud provider. Read about one important part of the shared responsibility model: keeping your private keys private. Discover how to prevent your secrets from escaping the cloud.
Wed, 12 Sep 2018 07:00:00 -0700 Justin Boyer https://hackerone.com/blog/AWS-Shared-Responsibility-Model-3-Areas-Improvement-Make-Today-Part-1-Keep-Your-Private-Keys

Introducing the Hacker101 CTF
https://www.hackerone.com/blog/Introducing-Hacker101-CTF
Capture flags all day and night in our newly launched CTF, available 24/7 at ctf.hacker101.com.
Mon, 10 Sep 2018 08:00:00 -0700 Cody Brocious https://hackerone.com/blog/Introducing-Hacker101-CTF

Highlights of New York’s Cybersecurity Regulation 23 NYCRR Part 500
https://www.hackerone.com/blog/Highlights-New-Yorks-Cybersecurity-Regulation-23-NYCRR-Part-500
Effective March 1, 2017, the New York State Department of Financial Services (NYDFS) promulgated 23 NYCRR Part 500, a regulation establishing cybersecurity requirements for financial services companies. Beginning today, September 4, 2018, Sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500 will be enforceable.
Tue, 04 Sep 2018 09:00:00 -0700 luke https://hackerone.com/blog/Highlights-New-Yorks-Cybersecurity-Regulation-23-NYCRR-Part-500

H1-702 2018 makes history with over $500K in bounties paid!
https://www.hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid
Over five straight nights of hacking, more than 75 hackers representing 20+ countries hacked five targets, earning over $500,000. It was the largest and most successful live hacking event ever.
Mon, 03 Sep 2018 08:00:00 -0700 Anonymous https://hackerone.com/blog/H1-702-2018-makes-history-over-500K-bounties-paid

Hacker Q&A with Matthew Bryant: Good Artists Copy, Great Artists Steal
https://www.hackerone.com/blog/Hacker-QA-Matthew-Bryant-1
“Seeing an exploit without understanding how any of it works felt like witnessing someone doing actual magic.” In his search to understand new-to-him security vulnerabilities, Matthew Bryant (@iammandatory) has found some iconic bugs. He chatted with us about those finds, collaboration, and the tools he builds as a modern-day security magician.
Fri, 31 Aug 2018 12:00:00 -0700 Tiffany Long https://hackerone.com/blog/Hacker-QA-Matthew-Bryant-1

What is a Responsible Disclosure Policy and Why You Need One
https://www.hackerone.com/blog/What-Vulnerability-Disclosure-Policy-and-Why-You-Need-One
This article will answer the simple question of what a vulnerability disclosure policy is, what’s included in a good policy, which organizations have a VDP today, and which government agencies have published guidance on VDPs.
Thu, 30 Aug 2018 08:00:00 -0700 johnk https://hackerone.com/blog/What-Vulnerability-Disclosure-Policy-and-Why-You-Need-One

118 Fascinating Facts from HackerOne’s Hacker-Powered Security Report 2018
https://www.hackerone.com/blog/118-Fascinating-Facts-HackerOnes-Hacker-Powered-Security-Report-2018
Read 118 of the most intriguing data points from HackerOne’s Hacker-Powered Security Report 2018. Get the facts to learn how security teams are working with hackers to crush more bugs and make the internet safer for everyone.
Mon, 27 Aug 2018 08:00:00 -0700 johnk https://hackerone.com/blog/118-Fascinating-Facts-HackerOnes-Hacker-Powered-Security-Report-2018

7 Common Security Pitfalls to Avoid When Migrating to the Cloud
https://www.hackerone.com/blog/7-Common-Security-Pitfalls-Avoid-When-Migrating-Cloud
Read about the seven common security pitfalls to avoid when considering a migration to the cloud. Get actionable steps you should take now to ensure the best security possible for your customers.
Mon, 27 Aug 2018 08:00:00 -0700 Justin Boyer https://hackerone.com/blog/7-Common-Security-Pitfalls-Avoid-When-Migrating-Cloud

Oath Bug Bounty Program Update: $1M in payouts and expansion of the program
https://www.hackerone.com/blog/Oath-Bug-Bounty-Program-Update-1M-payouts-and-expansion-program
Oath has surpassed $1,000,000 in bounties paid to hackers for their help to significantly decrease risk and reduce Oath’s attack surface. However, bugs aren’t all Oath received from the security community. They also heard a ton of feedback that they’ve accounted for in five changes to their program policy. Check them out!
Thu, 23 Aug 2018 08:00:00 -0700 Katrina Dene https://hackerone.com/blog/Oath-Bug-Bounty-Program-Update-1M-payouts-and-expansion-program

Improve Credential Sharing with Hacker Email Aliases
https://www.hackerone.com/blog/Improve-Credential-Sharing-Hacker-Email-Aliases
The new hacker email aliases feature makes credential sharing and whitelisting domains simple for programs.
Thu, 16 Aug 2018 09:00:00 -0700 Martijn Russchen https://hackerone.com/blog/Improve-Credential-Sharing-Hacker-Email-Aliases

A Guide To Subdomain Takeovers
https://www.hackerone.com/blog/Guide-Subdomain-Takeovers
Technical guide on how to understand, find, exploit, and report subdomain misconfigurations, by EdOverflow.
Wed, 15 Aug 2018 06:00:00 -0700 EdOverflow https://hackerone.com/blog/Guide-Subdomain-Takeovers

Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report
https://www.hackerone.com/blog/Software-Vulnerability-Disclosure-Europe-Summary-and-Key-Highlights-European-Parliament-CEPS
HackerOne’s summary review of the Software Vulnerability Disclosure in Europe: Technology, Policies and Legal Challenges report.
Tue, 14 Aug 2018 06:00:00 -0700 johnk https://hackerone.com/blog/Software-Vulnerability-Disclosure-Europe-Summary-and-Key-Highlights-European-Parliament-CEPS

Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance
https://www.hackerone.com/blog/Sumo-Logic-Looks-Hacker-Powered-Pen-Testing-Security-and-Compliance
In late 2017, Sumo Logic CSO George Gerchow faced a challenge most only dream of — pen testing reports kept coming back clean. While this seemed like good news, since it meant Sumo Logic’s attack surface was hardening, Gerchow knew nothing is bulletproof. Three bug bounty challenges later, Sumo Logic is sharing the results and inner workings of its open line of communication with the hacker community for the first time.
Tue, 31 Jul 2018 06:00:00 -0700 johnk https://hackerone.com/blog/Sumo-Logic-Looks-Hacker-Powered-Pen-Testing-Security-and-Compliance

Zomato’s First Anniversary with Bug Bounties: Q&A with Security Lead, Prateek Tiwari
https://www.hackerone.com/blog/Zomatos-First-Anniversary-Bug-Bounties-QA-Security-Lead-Prateek-Tiwari
This month, Zomato is celebrating the first anniversary of its bug bounty program. Since launching in July 2017, the company has paid out over $100,000 to over 350 hackers for their efforts, all while maintaining an average response time of 4 hours. We recently caught up with Prateek to celebrate the milestone and give you a chance to learn more about Zomato’s approach to bug bounties and security.
Mon, 23 Jul 2018 07:00:00 -0700 johnk https://hackerone.com/blog/Zomatos-First-Anniversary-Bug-Bounties-QA-Security-Lead-Prateek-Tiwari

The Hacker-Powered Security Report 2018
https://www.hackerone.com/blog/Hacker-Powered-Security-Report-2018
The Hacker-Powered Security Report 2018 is the most comprehensive report on hacker-powered security. It analyzes 78,275 security vulnerability reports received in the past year from ethical hackers who reported them to over 1,000 organizations through HackerOne.
Wed, 11 Jul 2018 05:00:00 -0700 Anonymous https://hackerone.com/blog/Hacker-Powered-Security-Report-2018

H1-702 CTF Winners Announced!
https://www.hackerone.com/blog/H1-702-CTF-Winners-Announced
Thanks to all the hackers who participated in the H1-702 2018 CTF! For the first time ever, we had both web and mobile challenges. Our six winners were selected from a pool of 750 registered participants and over 30 submissions received. Congratulations on winning your way to Las Vegas for the biggest live hacking event ever!
Mon, 09 Jul 2018 14:00:00 -0700 Anonymous https://hackerone.com/blog/H1-702-CTF-Winners-Announced

Lawfully Hacked
https://www.hackerone.com/blog/Lawfully-Hacked
The best way to prevent getting hacked is to try to get hacked. Paradoxical as this may sound, evidence shows it is true. The worst data breaches the world has seen were at companies that did not invite external security researchers to report their findings. But by hunting for their security vulnerabilities, organizations can ensure the weak points are found and fixed before they are identified by criminals. Open sourcing security is the way.
Mon, 09 Jul 2018 08:55:27 -0700 Mårten Mickos https://hackerone.com/blog/Lawfully-Hacked

The Journey to 100% Responsive Programs
https://www.hackerone.com/blog/Journey-100-Responsive-Programs
Unresponsive programs are a drain on your time and your sanity. We are committed to ensuring that programs on the platform will be responsive and that their performance metrics will be transparent.
Thu, 05 Jul 2018 12:00:00 -0700 Anonymous https://hackerone.com/blog/Journey-100-Responsive-Programs

Webinar: Learn How Hacker-Powered Pentests Give You More For Less
https://www.hackerone.com/blog/Webinar-Learn-How-Hacker-Powered-Pentests-Give-You-More-Less
Join us on July 17 to learn how hacker-powered pen tests give you more. More bugs, faster, and cheaper.
Tue, 03 Jul 2018 08:00:00 -0700 luke https://hackerone.com/blog/Webinar-Learn-How-Hacker-Powered-Pentests-Give-You-More-Less

Morrison & Foerster’s David Newman: How Corporate Counsel Should Approach Hacker-Powered Security
https://www.hackerone.com/blog/Morrison-Foersters-David-Newman-How-Corporate-Counsel-Should-Approach-Hacker-Powered-Security
Interview with MoFo’s David Newman, of counsel in the National Security and Global Risk & Crisis Management practices. We asked David a few questions related to his work for clients on hacker-powered security, as well as what he’s seeing in the field as more and more organizations launch both vulnerability disclosure policies (VDP) and bug bounty programs.
Mon, 02 Jul 2018 08:30:00 -0700 luke https://hackerone.com/blog/Morrison-Foersters-David-Newman-How-Corporate-Counsel-Should-Approach-Hacker-Powered-Security

Hackers Descend on London for First Ever UK Live Hacking Event: H1-4420
https://www.hackerone.com/blog/Hackers-Descend-London-First-Ever-UK-Live-Hacking-Event-H1-4420
On Saturday, June 16, almost 50 hackers gathered from across the world to hack one of the most popular and mature bug bounty programs on the planet at HackerOne’s first live-hacking event in London, H1-4420. Nine hours, 71 valid bugs and $81,753 later...you could say our community of elite hackers exceeded all expectations.
Thu, 28 Jun 2018 09:00:00 -0700 johnk https://hackerone.com/blog/Hackers-Descend-London-First-Ever-UK-Live-Hacking-Event-H1-4420

70% of IT Pros Want to Redefine “Hacker” in the Cambridge Dictionary
https://www.hackerone.com/blog/70-IT-Pros-Want-Redefine-Hacker-Cambridge-Dictionary
We are reclaiming the term hacker. Earlier this month at Infosecurity Europe, we surveyed IT professionals, and the results revealed that the majority (70%) believe the Cambridge Dictionary should update its definition of “hacker.”
Mon, 25 Jun 2018 00:00:00 -0700 johnk https://hackerone.com/blog/70-IT-Pros-Want-Redefine-Hacker-Cambridge-Dictionary

Advanced triggers feature launches to further improve signal
https://www.hackerone.com/blog/Advanced-triggers-feature-launches-further-improve-signal
Triggers are simple but powerful tools for executing automated responses to new, incoming reports. With triggers, you can set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports.
Thu, 21 Jun 2018 09:00:00 -0700 Martijn Russchen https://hackerone.com/blog/Advanced-triggers-feature-launches-further-improve-signal

Live-hacking Dropbox in Amsterdam for H1-3120
https://www.hackerone.com/blog/Live-hacking-Dropbox-Amsterdam-H1-3120
At H1-3120, Dropbox received more than 90 reports and paid out $80,383 with an average bounty of $1,318, over two times their largest bounty day ever and almost three times their average bounty. Geweldig!
Fri, 15 Jun 2018 09:30:00 -0700 johnk https://hackerone.com/blog/Live-hacking-Dropbox-Amsterdam-H1-3120

Jackpot! The h1-702 2018 CTF is here! Win a Trip to the Biggest Live-hacking Event of 2018
https://www.hackerone.com/blog/Jackpot-h1-702-2018-CTF-here-Win-Trip-Biggest-Live-hacking-Event-2018
H1-702 2018 is happening in Las Vegas from Wednesday, August 8 to Sunday, August 12! Any hacker from around the world who wants to attend can earn their way there. All you need to do is solve our CTF and write a great report. Six lucky winners will earn round trip airfare, seven nights at a hotel on the Las Vegas strip, and access to all five days of h1-702.
Mon, 11 Jun 2018 12:00:00 -0700 johnk https://hackerone.com/blog/Jackpot-h1-702-2018-CTF-here-Win-Trip-Biggest-Live-hacking-Event-2018

Hey Startups, Check Your GDPR Progress with this GDPR Checklist
https://www.hackerone.com/blog/Hey-Startups-Check-Your-GDPR-Progress-GDPR-Checklist
The GDPR Checklist is just that: a checklist to make sure you’ve covered the basics concerning GDPR. It’s aimed at SaaS startups, but every company can benefit from its simple, easy-to-understand guidance.
Mon, 11 Jun 2018 08:00:00 -0700 luke https://hackerone.com/blog/Hey-Startups-Check-Your-GDPR-Progress-GDPR-Checklist

Hacker-Powered pen tests at the U.S. Federal Government
https://www.hackerone.com/blog/Hacker-Powered-pen-tests-US-Federal-Government
When looking for a model to inform your own security posture, the Department of Defense would be a good place to look. Not only were they the first branch of the U.S. Federal Government to use white-hat hackers back in 2016, they’ve been using hacker-powered security in new and interesting ways ever since. They’ve also blazed a trail for other public organizations.
Wed, 06 Jun 2018 08:00:00 -0700 luke https://hackerone.com/blog/Hacker-Powered-pen-tests-US-Federal-Government

Introducing The Updated Documentation Center for Programs and Hackers
https://www.hackerone.com/blog/Introducing-Updated-Documentation-Center-Programs-and-Hackers
Introducing docs.hackerone.com! Our new site that hackers and programs can go to to better understand and use HackerOne.
Tue, 29 May 2018 09:00:00 -0700 Stacy Spiva https://hackerone.com/blog/Introducing-Updated-Documentation-Center-Programs-and-Hackers

New Hacker101 Content: Threat modeling, Burp basics, and more
https://www.hackerone.com/blog/New-Hacker101-Content-Threat-modeling-Burp-basics-and-more
Since January, thousands of hackers have expressed their enthusiasm about the first Hacker101 content drop (almost 80,000 total video views and 8,800+ stars on GitHub in just six months!); and now it's time to take things to the next level.
Fri, 25 May 2018 08:00:00 -0700 Cody Brocious https://hackerone.com/blog/New-Hacker101-Content-Threat-modeling-Burp-basics-and-more

CISOs and GDPR: The Top 3 Concerns
https://www.hackerone.com/blog/CISOs-and-GDPR-the-top-3-concerns
In “The CISO’s Guide to GDPR”, expert Thomas Fischer offered up the three main concerns he’s hearing most often from CISOs regarding GDPR.
Thu, 24 May 2018 07:30:00 -0700 luke https://hackerone.com/blog/CISOs-and-GDPR-the-top-3-concerns

Hacker Q&A with Rachel Tobac: Hacking Companies Through Their People
https://www.hackerone.com/blog/Hacker-QA-Rachel-Tobac-Hacking-Companies-Through-Their-People
CEO and Co-founder of SocialProof Security, Rachel Tobac hacks people. Using a phone, email, and an approachable persona, Rachel discovers vital information that can be used to craft successful exploits.
Fri, 11 May 2018 11:45:18 -0700 Tiffany Long https://hackerone.com/blog/Hacker-QA-Rachel-Tobac-Hacking-Companies-Through-Their-People

Introducing The 90 day Hacker Leaderboard and Revamped Invitations
https://www.hackerone.com/blog/Introducing-90-day-Hacker-Leaderboard-and-Revamped-Invitations
Hackers can now see how they ranked by their Reputation, Signal, and Impact in the last 90 days. Invitations going forward will be based on your activity during the last 90 days.
Mon, 07 May 2018 10:00:00 -0700 Tiffany Long https://hackerone.com/blog/Introducing-90-day-Hacker-Leaderboard-and-Revamped-Invitations

Hacker Q&A with Alyssa: We are all still learning
https://www.hackerone.com/blog/Hacker-QA-Alyssa-We-are-all-still-learning
At 16, Alyssa Herrera discovered bug bounties and HackerOne; she hasn't looked back since. Now a full-time bug hunter, Alyssa makes sure to give back to the community by sharing the knowledge she gained on her way to the number two spot on the DoD leaderboards.
Sat, 05 May 2018 08:00:00 -0700 luke https://hackerone.com/blog/Hacker-QA-Alyssa-We-are-all-still-learning

Hursti hacks, DEF CON villages, and the Dubious state of electronic voting
https://www.hackerone.com/blog/Hursti-hacks-DEF-CON-villages-and-Dubious-state-electronic-voting
Harri Hursti is one of the world’s leading authorities on election voting security. His work has exposed gaping security flaws in electronic voting machines and the electronic voting industry as a whole. He answered some of our questions on his hacking roots and why electronic voting is so easily hacked.
Mon, 23 Apr 2018 09:00:00 -0700 luke https://hackerone.com/blog/Hursti-hacks-DEF-CON-villages-and-Dubious-state-electronic-voting

H1-415 Recap: Oath Pays Over $400,000 to Hackers in One Day
https://www.hackerone.com/blog/H1-415-Recap-Oath-Pays-Over-400000-Hackers-One-Day
Forty-one hackers representing 11 countries. More than $400,000 paid in bounties. All in nine hours. HackerOne’s second annual live-hacking event in San Francisco broke multiple records on Saturday, April 14, 2018. The target? Oath, a media and tech company, under which Yahoo, AOL, Verizon Digital Media Services, TechCrunch and many more dynamic brands fall.
Fri, 20 Apr 2018 07:00:00 -0700 johnk https://hackerone.com/blog/H1-415-Recap-Oath-Pays-Over-400000-Hackers-One-Day

H1-202 Recap: Mapbox Pays Out Nearly $65,000 in One Day
https://www.hackerone.com/blog/H1-202-Recap-Mapbox-Pays-Out-Nearly-65000-One-Day
Twenty-seven hackers representing nine countries gathered in the U.S. capital March 23-25, 2018 for HackerOne’s first live hacking event in Washington, D.C. The weekend consisted of a community day with Virginia-based high schoolers and a live hacking day — nine hours of hacking at Mapbox HQ, resulting in over 100 bugs reported and nearly $65,000 paid in rewards.
Wed, 11 Apr 2018 10:00:00 -0700 johnk https://hackerone.com/blog/H1-202-Recap-Mapbox-Pays-Out-Nearly-65000-One-Day

Q&A with CRANIUM: Easing Compliance with “GDPR in a Box”
https://www.hackerone.com/blog/QA-CRANIUM-Easing-Compliance-GDPR-Box
CRANIUM, an international consulting company specializing in privacy, data protection and information security, sells a GDPR in a Box to guide organizations through their GDPR challenge. It’s a combination of do-it-yourself plus online support, and we talked with one of their GDPR experts to learn more about it.
Tue, 10 Apr 2018 07:00:00 -0700 luke https://hackerone.com/blog/QA-CRANIUM-Easing-Compliance-GDPR-Box

Shopify Thanks Over 300 Hackers, Pays $850,000+ to Hackers in Three Years
https://www.hackerone.com/blog/Shopify-Thanks-Over-300-Hackers-Pays-850000-Hackers-Three-Years
This month, Shopify celebrates the three-year anniversary of its bug bounty program with HackerOne. To date, the commerce platform has paid over $850,000 in rewards to hackers, resolved 759 vulnerabilities and has thanked over 300 hackers for their contributions.
Mon, 09 Apr 2018 08:00:00 -0700 johnk https://hackerone.com/blog/Shopify-Thanks-Over-300-Hackers-Pays-850000-Hackers-Three-Years

Everything You Need to Know about The Data Protection Officer Role
https://www.hackerone.com/blog/Everything-You-Need-Know-about-Data-Protection-Officer-Role
Privacy and data security expert Debra Farber explains what companies should think about as they fill the GDPR-mandated role of Data Protection Officer. Then she answers questions about when organizations should hire a DPO, who they should report to, and what type of background they need to have. Watch the video replay on-demand.
Thu, 29 Mar 2018 08:00:00 -0700 luke https://hackerone.com/blog/Everything-You-Need-Know-about-Data-Protection-Officer-Role

Q&A with HackerOne’s New Board Member: Kathryn Haun
https://www.hackerone.com/blog/QA-HackerOnes-New-Board-Member-Kathryn-Haun
We are thrilled to introduce HackerOne's new board member Kathryn Haun. Katie is a former U.S. Department of Justice (DOJ) federal prosecutor, Stanford Business School Lecturer and serves on the board of Coinbase. With cybersecurity affecting every industry, every entity, and every person who is digitally connected, Katie thinks one of the best ways to protect against nefarious actors is to provide a safe environment for ethical hackers to beat them to the punch.
Wed, 28 Mar 2018 08:30:00 -0700 Lauren Koszarek https://hackerone.com/blog/QA-HackerOnes-New-Board-Member-Kathryn-Haun

The CISO’s Guide to GDPR: Q&A with Thomas Fischer
https://www.hackerone.com/blog/CISOs-Guide-GDPR-QA-Thomas-Fischer
We recently caught up with GDPR expert Thomas Fischer for his help in answering some questions for us on the hot topic of GDPR.
Tue, 27 Mar 2018 09:00:00 -0700 johnk https://hackerone.com/blog/CISOs-Guide-GDPR-QA-Thomas-Fischer

General Motors Celebrates Second Anniversary with Hackers
https://www.hackerone.com/blog/General-Motors-Celebrates-Second-Anniversary-Hackers
Just over two years ago, General Motors became the first major automaker to launch a public vulnerability disclosure program (VDP). Its purpose? To protect its customers by working with hackers to safely identify and resolve security vulnerabilities. Since the program launched in 2016, GM has resolved more than 700 vulnerabilities across the entire supply chain, with help from hackers.
Thu, 15 Mar 2018 13:00:00 -0700 johnk https://hackerone.com/blog/General-Motors-Celebrates-Second-Anniversary-Hackers

Mr. Chairman, we need hackers!
https://www.hackerone.com/blog/Mr-Chairman-we-need-hackers
The more the world gets hacked, the more we need hackers. We need white hats. They will find vulnerabilities so we can fix them and not get breached.
Thu, 15 Mar 2018 09:01:00 -0700 Mårten Mickos https://hackerone.com/blog/Mr-Chairman-we-need-hackers

GitHub Celebrates Four Years of Bug Bounties: Q&A with VP of Security, Shawn Davenport
https://www.hackerone.com/blog/GitHub-Celebrates-Four-Years-Bug-Bounties-QA-VP-Security-Shawn-Davenport
GitHub celebrated the fourth anniversary of its Security Bug Bounty program and released a comprehensive recap of a record-breaking 2017 to mark the moment. To join the celebration and give you a chance to learn more about GitHub’s approach to bug bounties and security, we recently caught up with Shawn Davenport, VP of Security at GitHub.
Wed, 14 Mar 2018 09:00:00 -0700 johnk https://hackerone.com/blog/GitHub-Celebrates-Four-Years-Bug-Bounties-QA-VP-Security-Shawn-Davenport

GDPR: Let’s kill the FUD
https://www.hackerone.com/blog/GDPR-Lets-kill-FUD
It seems everywhere you look, the talk about GDPR is designed to scare you into action. Fear, uncertainty, and doubt (FUD) are powerful motivators. Probably the scariest thing of all: the potential fines. GDPR, on paper, allows for fines of up to €20 million ($24.5 million) or 4% of a company's global annual revenue. Here’s a quick (non-FUD-ified) list of some of what we see happening and how it may impact you.
Mon, 12 Mar 2018 08:00:00 -0700 luke https://hackerone.com/blog/GDPR-Lets-kill-FUD

OWASP Top 10 Web Security Risks of 2017 - Flashcards
https://www.hackerone.com/blog/OWASP-Top-10-Web-Security-Risks-2017-Flashcards
There’s no such thing as perfectly secure software. Learn about the top 10 web security risks of 2017 with our print-ready flashcard guide.
Wed, 07 Mar 2018 09:00:00 -0800 johnk https://hackerone.com/blog/OWASP-Top-10-Web-Security-Risks-2017-Flashcards

Calling All “Bureaucracy Hackers”
https://www.hackerone.com/blog/Calling-All-Bureaucracy-Hackers
Lisa Wiswell, a HackerOne advisor and a principal at GRIMM cybersecurity firm, thinks the government needs more help from hackers. Not just with hacking or security, but with simply understanding the basics of technology and the internet.
Mon, 05 Mar 2018 09:00:00 -0800 luke https://hackerone.com/blog/Calling-All-Bureaucracy-Hackers

h1-202 CTF Winners Announced (and links to write-ups)
https://www.hackerone.com/blog/h1-202-CTF-Winners-Announced
Our h1-202 CTF attracted 450 participants and we chose three winners that will be sent to Washington, DC for our live-hacking event, h1-202! Find out who won and read their solution write-ups in this post.
Thu, 01 Mar 2018 12:00:00 -0800 luke https://hackerone.com/blog/h1-202-CTF-Winners-Announced

Q&A with Faye Francy: How Auto-ISAC Puts Security in the Driver’s Seat
https://www.hackerone.com/blog/QA-Faye-Francy-How-Auto-ISAC-Puts-Security-Drivers-Seat
Faye Francy is executive director of Auto-ISAC, an industry-operated organization created to enhance cybersecurity awareness and collaboration across the global automotive industry. We interviewed Faye to learn more about the work Auto-ISAC is doing to make all of our vehicles more secure.
Wed, 28 Feb 2018 09:00:00 -0800 johnk https://hackerone.com/blog/QA-Faye-Francy-How-Auto-ISAC-Puts-Security-Drivers-Seat

Sikur’s COO: Hacker Diversity Essential in Securing SIKURPhone
https://www.hackerone.com/blog/Sikurs-COO-Hacker-Diversity-Essential-Securing-SIKURPhone
Sikur ran a HackerOne challenge with highly skilled hackers focused on everything from hardware, to software, to physical phone theft. We chatted with Sikur COO Alexandre Vasconcelos, who was in charge of the program, to learn more about how hackers serve as an essential component of Sikur’s overall security strategy.
Tue, 27 Feb 2018 00:00:00 -0800 johnk https://hackerone.com/blog/Sikurs-COO-Hacker-Diversity-Essential-Securing-SIKURPhone

Hacker Q&A with Shubham Gupta: Patience and Passion
https://www.hackerone.com/blog/Hacker-QA-Shubham-gupta-Patience-and-Passion
Shubham Gupta ranks in the 96th percentile when it comes to signal and has helped secure brands like Ubiquiti Networks, Twitter, Slack and others. Shubham is enthusiastic, eager to learn and challenges himself daily. We caught up with him to learn more about his story, what drives him and why he hacks for good.
Fri, 23 Feb 2018 08:00:00 -0800 luke https://hackerone.com/blog/Hacker-QA-Shubham-gupta-Patience-and-Passion

Hack Your Way to the White House
https://www.hackerone.com/blog/Hack-Your-Way-White-House
The h1-202 CTF is here! On March 25th, 2018, h1-202 will be happening in Washington, D.C. (at a top secret location!). We are opening up the event to any hacker around the world who wants to attend. All you need to do is solve our CTF and write up a great report. The individuals who submit the best write-ups as determined by our judges will be invited to attend h1-202.
Fri, 16 Feb 2018 12:00:00 -0800 johnk https://hackerone.com/blog/Hack-Your-Way-White-House

Alexa, ask HackerOne...
https://www.hackerone.com/blog/Alexa-ask-HackerOne
Alexa, ask HackerOne what’s in the news?
Mon, 12 Feb 2018 08:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Alexa-ask-HackerOne

How Hackers Spend Their Bounties
https://www.hackerone.com/blog/How-Hackers-Spend-Their-Bounties
At our poolside h1-702 live-hacking event in Las Vegas we asked some of our top hackers about how they spend their bounty earnings. Responses varied - from saving money for college, to buying a family car, to helping their parents purchase a home, to headphones, snowblowers, and more.
Thu, 08 Feb 2018 10:00:00 -0800 johnk https://hackerone.com/blog/How-Hackers-Spend-Their-Bounties

Google Play increases bounties and expands scope for Android apps
https://www.hackerone.com/blog/Google-Play-increases-bounties-and-expands-scope-Android-apps
Google is announcing updates to the program, including expanded vulnerability criteria and increased payouts.
Wed, 07 Feb 2018 13:00:00 -0800 johnk https://hackerone.com/blog/Google-Play-increases-bounties-and-expands-scope-Android-apps

Q&A with Jane Frankland: GDPR, CISOs, and Women in Cybersecurity
https://www.hackerone.com/blog/QA-Jane-Frankland-GDPR-CISOs-and-Women-Cybersecurity
Jane Frankland is an award-winning entrepreneur, speaker, and consultant in cybersecurity and entrepreneurism. For more than 20 years, Jane has been focused on cybersecurity, and has been actively involved in OWASP, CREST and the Cyber Essentials scheme. She is a prolific author, having been featured in leading publications and appeared on iconic British media programmes. She has also just published a new book about women in security.
Wed, 07 Feb 2018 08:00:00 -0800 luke https://hackerone.com/blog/QA-Jane-Frankland-GDPR-CISOs-and-Women-Cybersecurity

U.S. Senate Hearing - Data Security and Bug Bounty Programs: Lessons Learned
https://www.hackerone.com/blog/US-Senate-Hearing-Bug-Bounty-Lessons-Learned
HackerOne was invited to testify in front of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. We are honored to join the Senate and leaders in our industry to discuss the role hackers can play in strengthening security.
Tue, 06 Feb 2018 14:00:00 -0800 Alex Rice https://hackerone.com/blog/US-Senate-Hearing-Bug-Bounty-Lessons-Learned

Updated Hacker Invitations: Hack more, hack better
https://www.hackerone.com/blog/Updated-Hacker-Invitations-Hack-more-hack-better
Program invitations are getting better. Way better. Check out the new features to help you manage the invitations you receive on HackerOne.
Thu, 01 Feb 2018 08:00:00 -0800 johnk https://hackerone.com/blog/Updated-Hacker-Invitations-Hack-more-hack-better

Shifting into High Gear: How Automakers are Approaching Cybersecurity
https://www.hackerone.com/blog/Shifting-High-Gear-How-Automakers-are-Approaching-Cybersecurity
Faye Francy, Executive Director of Auto-ISAC, and Kevin Tierney, Director of Vehicle Cybersecurity at General Motors, spoke at our Security@ conference in a panel moderated by Gizmodo senior reporter Kate Conger. Here's the recap.
Wed, 31 Jan 2018 12:00:00 -0800 luke https://hackerone.com/blog/Shifting-High-Gear-How-Automakers-are-Approaching-Cybersecurity

Healthy programs make for happy hackers. Introducing response SLAs
https://www.hackerone.com/blog/Healthy-programs-make-happy-hackers-Introducing-response-SLAs
How do you measure the success of your HackerOne program? What are the top things hackers look for from security teams?
Ever wonder how your peers at other companies are doing against their key performance indicators?<br /> <br /> To answer these questions and more, today we’re launching our new response service level agreement (SLA) features to make it easier for you to maintain a healthy, responsive program. Thu, 25 Jan 2018 13:00:00 -0800 David Horvath https://hackerone.com/blog/Healthy-programs-make-happy-hackers-Introducing-response-SLAs Hacker101: Free class for web security. Let’s break some stuff https://www.hackerone.com/blog/Hacker101-Free-class-web-security-Lets-break-some-stuff Hacker101 is a free class for web security. Whether you&#039;re a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you. Wed, 24 Jan 2018 11:00:00 -0800 Cody Brocious https://hackerone.com/blog/Hacker101-Free-class-web-security-Lets-break-some-stuff Breaking the Bank: Getting Financial Services Companies to Embrace Hacker-Powered Security https://www.hackerone.com/blog/Breaking-Bank-Getting-Financial-Services-Companies-Embrace-Hacker-Powered-Security How the tide is shifting, and financial services firms are realizing that the economics of hacker-powered security outweigh the risks as presented at Security@ San Francisco. Tue, 23 Jan 2018 14:00:00 -0800 luke https://hackerone.com/blog/Breaking-Bank-Getting-Financial-Services-Companies-Embrace-Hacker-Powered-Security Double your signal, double your fun https://www.hackerone.com/blog/Double-your-signal-double-your-fun Human-Augmented Signal improves the signal of programs as reports flagged with a high noise probability are reviewed by HackerOne security analysts. 
After our system utilizes various criteria to automatically classify all incoming reports, reports with potential noise are forwarded to HackerOne security analysts for review.<br /> <br /> Mon, 22 Jan 2018 08:00:00 -0800 Martijn Russchen https://hackerone.com/blog/Double-your-signal-double-your-fun Small is Beautiful: Minimizing Attack Surfaces https://www.hackerone.com/blog/Small-Beautiful-Minimizing-Attack-Surfaces Every bug starts its life as a feature. If there was no feature, there would be no bug. Thu, 18 Jan 2018 12:00:00 -0800 luke https://hackerone.com/blog/Small-Beautiful-Minimizing-Attack-Surfaces Bug Bounty or Bust! The Art of Triage https://www.hackerone.com/blog/Bug-Bounty-or-Bust-Art-Triage Tips on how to best set yourself up operationally to handle the loads of reports flying your way, as well as more in-depth tips on how to handle common scenarios on individual reports. Wed, 17 Jan 2018 14:00:00 -0800 Adam Bacchus https://hackerone.com/blog/Bug-Bounty-or-Bust-Art-Triage The 2018 Hacker Report https://www.hackerone.com/blog/2018-Hacker-Report Wed, 17 Jan 2018 08:00:00 -0800 johnk https://hackerone.com/blog/2018-Hacker-Report What percentage of your software vulnerabilities have GDPR implications? https://www.hackerone.com/blog/What-percentage-your-software-vulnerabilities-have-GDPR-implications Do you know how many of your unknown vulnerabilities have the potential to cause a breach of consumer data? In other words, how many have GDPR implications? We wondered the same thing, so we did some digging. Here’s what we found. 
Tue, 16 Jan 2018 08:00:00 -0800 johnk https://hackerone.com/blog/What-percentage-your-software-vulnerabilities-have-GDPR-implications An Attorney’s View of Vulnerability Disclosure https://www.hackerone.com/blog/Attorneys-View-Vulnerability-Disclosure Vulnerability Disclosure Programs (VDPs) are not only being promoted by more and more organizations and officials, they’re an easy-to-implement yet critical part of any company’s security apparatus. But there are legal issues to consider, and we had a top cybersecurity attorney offering advice at the recent Security@ event. Tue, 16 Jan 2018 08:00:00 -0800 luke https://hackerone.com/blog/Attorneys-View-Vulnerability-Disclosure The Data Breaches That Did Not Happen in 2017 https://www.hackerone.com/blog/Data-Breaches-Did-Not-Happen-2017 It is easy to focus on the sorry state of security and the millions of records that were lost, but it was also a year of great progress. Tens of thousands of security vulnerabilities were eliminated with help from hackers. The optimist in us points to the breaches that did NOT happen last year as a result. Fri, 05 Jan 2018 08:00:00 -0800 Mårten Mickos https://hackerone.com/blog/Data-Breaches-Did-Not-Happen-2017 What Hackers Want in a Bounty Program [Security@ Recaps] https://www.hackerone.com/blog/What-Hackers-Want-Bounty-Program-Security-Recaps Tue, 02 Jan 2018 08:00:00 -0800 johnk https://hackerone.com/blog/What-Hackers-Want-Bounty-Program-Security-Recaps Hacker Q&A With EdOverflow https://www.hackerone.com/blog/Hacker-QA-EdOverflow EdOverflow is a hacker’s hacker. He’s found bugs for Razer, GitLab, and even HackerOne :). He writes about security and web development. And, he runs Securitytxt.org, which works to standardize how websites define their security policies. We chatted with Ed a bit about his background, his work, and his causes. Thu, 28 Dec 2017 08:00:00 -0800 johnk https://hackerone.com/blog/Hacker-QA-EdOverflow Bringing Private-sector Security into the U.S. 
Government [Security@ Recaps] https://www.hackerone.com/blog/Bringing-Private-sector-Security-US-Government-Security-Recaps Wed, 27 Dec 2017 09:00:00 -0800 johnk https://hackerone.com/blog/Bringing-Private-sector-Security-US-Government-Security-Recaps Hacking The Planet - Hack The World 2017 Recap https://www.hackerone.com/blog/Hacking-Planet-Hack-World-2017-Recap After 1 month of our community’s best and brightest going head to head to be named Hack The World 2017 champion, we are ready to share the winners of the annual contest. We also want to share some lessons learned, and give each of you the opportunity to share feedback with us so that we can improve on future contests. Fri, 22 Dec 2017 10:00:00 -0800 johnk https://hackerone.com/blog/Hacking-Planet-Hack-World-2017-Recap Samy Kamkar's Security@ San Francisco Keynote https://www.hackerone.com/blog/Samy-Kamkar-Security-at-San-Francisco-Keynote If you were into social networks during the MySpace era, you might recall the Samy Worm of 2005. The worm spread through friend invitations, infecting MySpace user accounts and adding “Samy is my hero” to their personal pages. Unsurprisingly, it was developed by a teenager named Samy...and yes, Samy is our hero. Thu, 21 Dec 2017 14:00:00 -0800 johnk https://hackerone.com/blog/Samy-Kamkar-Security-at-San-Francisco-Keynote Alex Rice and Zane Lackey Discuss Modern Security for Practitioners https://www.hackerone.com/blog/Alex-Rice-and-Zane-Lackey-Discuss-Modern-Security-Practitioners Our co-founder and CTO, Alex Rice, was a recent guest on The Modern Security Series by Signal Sciences, along with Signal Sciences’ co-founder and CSO, Zane Lackey. Thu, 21 Dec 2017 09:00:00 -0800 luke https://hackerone.com/blog/Alex-Rice-and-Zane-Lackey-Discuss-Modern-Security-Practitioners Hacking the U.S. 
Air Force (again) from a New York City subway station https://www.hackerone.com/blog/Hacking-US-Air-Force-again-New-York-City-subway-station Mon, 18 Dec 2017 05:00:00 -0800 johnk https://hackerone.com/blog/Hacking-US-Air-Force-again-New-York-City-subway-station Using Hackers to Tip Cybersecurity Asymmetry in Your Favor https://www.hackerone.com/blog/Using-Hackers-Tip-Cybersecurity-Asymmetry-Your-Favor HackerOne’s Security@ was a one-day, invitation-only event held in late October to bring together security leaders, hackers and industry experts to discuss the hacker-powered security movement. Topics ranged from building successful security programs to understanding the latest policies and regulations that impact working with the ethical hacker community. This blog series recaps the event’s keynote presentations and panel discussions. Thu, 14 Dec 2017 09:00:00 -0800 johnk https://hackerone.com/blog/Using-Hackers-Tip-Cybersecurity-Asymmetry-Your-Favor The European Commission’s First-Ever Bug Bounty Program https://www.hackerone.com/blog/the-european-commissions-first-ever-bug-bounty-program The European Commission has selected HackerOne as the platform for their first ever bug bounty program. Wed, 13 Dec 2017 00:00:00 -0800 johnk https://hackerone.com/blog/the-european-commissions-first-ever-bug-bounty-program AlienVault streamlines their vulnerability disclosure with HackerOne Response https://www.hackerone.com/blog/AlienVault-streamlines-their-vulnerability-disclosure-with-HackerOne-Response HackerOne is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system for only the valid reports. 
Tue, 12 Dec 2017 08:00:00 -0800 luke https://hackerone.com/blog/AlienVault-streamlines-their-vulnerability-disclosure-with-HackerOne-Response CERT: People and Process are Essence of Coordinated Vulnerability Disclosure https://www.hackerone.com/blog/CERT-People-and-Process-are-Essence-of-Coordinated-Vulnerability-Disclosure We recently held an Ask Me Anything with the co-authors of The CERT Guide to Coordinated Vulnerability Disclosure (CVD). The CERT Coordination Center’s Allen D. Householder, Threat Ecosystem Analysis Team Lead, and Art Manion, Vulnerability Analysis Technical Manager, shared their thoughts on the creation of their guide as well as many of the specific points within the guide. Wed, 06 Dec 2017 09:00:00 -0800 luke https://hackerone.com/blog/CERT-People-and-Process-are-Essence-of-Coordinated-Vulnerability-Disclosure Watch All The Security@ Conference Videos - Featuring Samy Kamkar, Natalie Silvanovich, and More https://www.hackerone.com/blog/Watch-All-The-Security-At-Videos-Featuring-Samy-Kamkar-and-Natalie-Silvanovich Watch all the Security@ content including Samy Kamkar&#039;s keynote, Natalie Silvanovich&#039;s “attack surface reduction” masterpiece and more. Tue, 05 Dec 2017 09:00:00 -0800 luke https://hackerone.com/blog/Watch-All-The-Security-At-Videos-Featuring-Samy-Kamkar-and-Natalie-Silvanovich Why Riot Games Pays Hackers to Break Them https://www.hackerone.com/blog/Why-Riot-Games-Pays-Hackers-to-Break-Them In the League of Legends world, your nexus is protected from outside threats by a strong team of diverse champions. It’s similar to how you should approach security in the real world, and wouldn’t it be better to have more and better champions working on your team? 
Mon, 04 Dec 2017 08:00:00 -0800 luke https://hackerone.com/blog/Why-Riot-Games-Pays-Hackers-to-Break-Them KPMG’s Cyber Security Expert Offers Advice for Bug Bounty Success https://www.hackerone.com/blog/KPMGs-Cyber-Security-Expert-Offers-Advice-for-Bug-Bounty-Success Before you propose a bug bounty program to your organization, you need a comprehensive plan. That’s just one of the many takeaways offered on a recent podcast from KPMG’s Advisory Institute, which publishes content related to business performance, technology, risk management, and more. Fri, 01 Dec 2017 08:00:00 -0800 luke https://hackerone.com/blog/KPMGs-Cyber-Security-Expert-Offers-Advice-for-Bug-Bounty-Success The ICO’s 12-Step Guide to GDPR Compliance https://www.hackerone.com/blog/The-ICOs-12-Step-Guide-to-GDPR-Compliance The United Kingdom’s Information Commissioner’s Office suggested “12 steps to take now” to get ahead of GDPR’s impact on your operations and processes. We’ve put together a quick recap available on our resources page. Thu, 30 Nov 2017 08:00:00 -0800 luke https://hackerone.com/blog/The-ICOs-12-Step-Guide-to-GDPR-Compliance Breach Basics: Preparation for the Inevitable https://www.hackerone.com/blog/Breach-Basics-Preparation-for-the-Inevitable Data breaches in information security have become an inescapable reality. A common inquiry we receive here at HackerOne is for guidance on how to most effectively respond to one of these unfortunate incidents. There are no easy answers. Our hope is the following guidance can serve as recommendations for any victim of a breach. Tue, 28 Nov 2017 12:00:00 -0800 Alex Rice https://hackerone.com/blog/Breach-Basics-Preparation-for-the-Inevitable The Voices of Vulnerability Disclosure: Look Who’s Talking About VDPs https://www.hackerone.com/blog/The-Voices-of-Vulnerability-Disclosure-Look-Whos-Talking-About-VDPs The attention being given to vulnerability disclosure policies (VDP) in the past year has increased dramatically. 
It might be the latest high-profile breach that sparks a comment, but more and more, it’s the attitude that VDPs aren’t just nice-to-haves, they’re critical tools for every cyber security team. Wed, 22 Nov 2017 10:00:00 -0800 luke https://hackerone.com/blog/The-Voices-of-Vulnerability-Disclosure-Look-Whos-Talking-About-VDPs H1-212 CTF results https://www.hackerone.com/blog/h1-212-ctf-results Thanks to all of you who participated in our first ever h1-212 CTF! We had a lot of fun building it and it looks like many of you had a great time participating. Tue, 21 Nov 2017 00:00:00 -0800 Jobert Abma https://hackerone.com/blog/h1-212-ctf-results Five Days Left to Hack The World 2017! https://www.hackerone.com/blog/Five-Days-Left-to-Hack-The-World-2017 There are only five days left to Hack The World 2017 and earn the title! Now is the time to find some serious  bugs and earn your spot at the top of our leaderboard! Tue, 14 Nov 2017 11:00:00 -0800 johnk https://hackerone.com/blog/Five-Days-Left-to-Hack-The-World-2017 Hack your way to NYC this December for h1-212 https://www.hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212 Want to win an all expenses paid trip to New York City to hack against HackerOne 1337 and a chance to earn up to $100,000 in bounties? The h1-212 CTF is here! Mon, 13 Nov 2017 00:00:00 -0800 Jobert Abma https://hackerone.com/blog/hack-your-way-to-nyc-this-december-for-h1-212 Hack The Pentagon Turns One on HackerOne https://www.hackerone.com/blog/hack-the-pentagon-turns-one Great news for U.S. citizens! Over 3,000 valid security vulnerabilities have been resolved with the U.S. Department of Defense’s “Hack the Pentagon” hacker-powered security program. 
Thu, 09 Nov 2017 09:00:00 -0800 johnk https://hackerone.com/blog/hack-the-pentagon-turns-one Hacker-Powered Pen Tests and The Power of More https://www.hackerone.com/blog/Hacker-Powered-Pen-Tests-and-The-Power-of-More Traditional pen tests can be expensive, especially those that produce low-hanging fruit results. And even more painful when you pay the same price tag for the low-value pen test report as the report revealing multiple critical vulnerabilities. With hacker-powered penetration testing, on the other hand you tap into more of the best talent, without a huge initial price tag. Wed, 08 Nov 2017 08:00:00 -0800 luke https://hackerone.com/blog/Hacker-Powered-Pen-Tests-and-The-Power-of-More HackerOne CEO joins Node.js Foundation Board https://www.hackerone.com/blog/hackerone-ceo-joins-nodejs-foundation-board HackerOne has joined the Node.js Foundation as a member and CEO Marten Mickos has joined its board. Node.js Foundation sat down with Marten to learn more about his vision, mission and why he’s passionate about Node.js and the open source community. Mon, 06 Nov 2017 08:00:00 -0800 johnk https://hackerone.com/blog/hackerone-ceo-joins-nodejs-foundation-board XOXO: We Love Coinbase for Loving Bug Bounties https://www.hackerone.com/blog/we-love-coinbase-for-loving-bug-bounties Coinbase just professed their love for bug bounty programs, and it kind of makes us blush. Read all about their program’s evolution and how they’ve paid out more than $175,000 in bounties over the past 5 years. Thu, 02 Nov 2017 08:00:00 -0700 johnk https://hackerone.com/blog/we-love-coinbase-for-loving-bug-bounties Hacking the World on Halloween (and every day) https://www.hackerone.com/blog/Hacking-the-World-on-Halloween-and-every-day Every Halloween we confront the ultimate question: trick or treat? For Hack The World 2017, we chose treat and wanted to remind all of you about some of the amazing special prizes being offered by some of our top customers for this year’s competition. 
Tue, 31 Oct 2017 11:00:00 -0700 luke https://hackerone.com/blog/Hacking-the-World-on-Halloween-and-every-day Toasting Security@ SF 2017 https://www.hackerone.com/blog/toasting-security-at-sf-2017 What does a world famous hacker, a veteran, leading auto manufacturers, and a digital currency broker have in common? They all joined us at the first hacker-powered security conference, Security@ San Francisco, alongside over 250 security leaders, influencers and hackers from over 150 companies. Tue, 31 Oct 2017 09:00:00 -0700 johnk https://hackerone.com/blog/toasting-security-at-sf-2017 Your TL;DR Summary of The CERT Guide to Coordinated Vulnerability Disclosure https://www.hackerone.com/blog/Your-TLDR-Summary-of-The-CERT-Guide-to-Coordinated-Vulnerability-Disclosure The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute (SEI) recently released The CERT Guide to Coordinated Vulnerability Disclosure. It is an amazingly detailed, clever, and complete guide to explaining the need for coordinated vulnerability disclosure (CVD). We&#039;ve done our best to give you the cliff notes and even included some additional helpful resources at the end. <br /> Thu, 26 Oct 2017 10:00:00 -0700 luke https://hackerone.com/blog/Your-TLDR-Summary-of-The-CERT-Guide-to-Coordinated-Vulnerability-Disclosure Google wants you to hack their top Android apps https://www.hackerone.com/blog/google-wants-you-to-hack-their-top-android-apps It’s a great day to be mobile hacker. Today, Google and HackerOne announced the groundbreaking Google Play Security Reward Program. Thu, 19 Oct 2017 10:00:00 -0700 johnk https://hackerone.com/blog/google-wants-you-to-hack-their-top-android-apps US Deputy Attorney General Recommends Every Company Create a Vulnerability Disclosure Policy (VDP) https://www.hackerone.com/blog/US-Deputy-Attorney-General-Recommends-Every-Company-Create-a-Vulnerability-Disclosure-Policy-VDP Rod J. 
Rosenstein, Deputy Attorney General at the Global Cyber Security Summit in London encourages all companies to consider promulgating a vulnerability disclosure policy, that is, a public invitation for white hat security researchers to report vulnerabilities. Wed, 18 Oct 2017 12:00:00 -0700 luke https://hackerone.com/blog/US-Deputy-Attorney-General-Recommends-Every-Company-Create-a-Vulnerability-Disclosure-Policy-VDP Introducing Security@ San Francisco! https://www.hackerone.com/blog/Introducing-Security-at-San-Francisco Next week we’re kicking off our first conference by and for the hacker-powered security industry. On Tuesday, October 24, 2017, Security@ San Francisco will gather more than 200 security leaders, hackers and industry experts for groundbreaking keynotes, presentations and networking with peers and industry leaders who are paving the way to a safer internet.<br /> Tue, 17 Oct 2017 12:00:00 -0700 luke https://hackerone.com/blog/Introducing-Security-at-San-Francisco Ready or Not, Here Comes GDPR https://www.hackerone.com/blog/Ready-or-Not-Here-Comes-GDPR The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018 and it will radically change how your business manages customer data and security. Read the high-level GDPR info you need to know including three key provisions in GDPR related to security and vulnerability testing. Tue, 17 Oct 2017 09:00:00 -0700 luke https://hackerone.com/blog/Ready-or-Not-Here-Comes-GDPR Announcing Hack The World 2017 https://www.hackerone.com/blog/Announcing-Hack-The-World-2017 After the success of Hack The World 2016, we’re bringing back our annual hacking competition and, thanks to your feedback, have made some great improvements to make it even better than last year. 
Mon, 16 Oct 2017 08:00:00 -0700 luke https://hackerone.com/blog/Announcing-Hack-The-World-2017 HackerOne Joins Forces with Node.js Foundation to Build a Safer Internet https://www.hackerone.com/blog/node-js-foundation Open source powers our platform, our community, and is the underpinning of our entire connected society. Node.js developers build the web applications that are responsible for the foundation of our connected world. Because of this, we have a responsibility to help them grow their community, while also empowering them to be more secure. Wed, 04 Oct 2017 10:00:00 -0700 kwhite https://hackerone.com/blog/node-js-foundation Better than Cyber Monday: Ecommerce and Retail Edition of The Hacker-Powered Security Report https://www.hackerone.com/blog/hacker-powered-security-report-retail-edition Is the ecommerce and retail industry a pioneer or a laggard in using hacker-powered efforts in the fight against cyber criminals? And how does your retail company stack up against others in the industry? Find out with this new report, specifically for the ecommerce and retail industry, and using data culled from more than 800 hacker-powered security programs, over $20 million in awarded bounties, and nearly 50,000 resolved security vulnerabilities. Tue, 03 Oct 2017 10:57:02 -0700 kwhite https://hackerone.com/blog/hacker-powered-security-report-retail-edition HackerOne CEO Marten Mickos On Bug Bounty Programs https://www.hackerone.com/blog/marten-mickos-tripwire-interview David Brisson of Tripwire recently published a list of the 10 essential bug bounty programs of 2017. Half of the companies included on that list manage their vulnerability disclosure programs through HackerOne.<br /> <br /> Taking note of this, David sat down with HackerOne CEO, Mårten Mickos, to discuss trends in the security industry, thoughts on bug bounty programs, and why companies turn to HackerOne.<br /> <br /> We’ve pulled some of our favorite quotes from the conversation. 
Fri, 29 Sep 2017 08:40:00 -0700 kwhite https://hackerone.com/blog/marten-mickos-tripwire-interview Hacker Q&A with Gerben_Javado: To Share Knowledge is to Gain Knowledge https://www.hackerone.com/blog/q-and-a-with-hacker-gerben-javado Twenty-one years old. Full-time college student. Mountain biker. Bounty hunter. That’s Gerben Janssen van Doorn, who goes by Gerben_Javado and is ranked ninth on HackerOne’s hacker reputation. He’s found more than 400 bugs and made $2,000 in the past month alone (and that’s just on public bugs). Thu, 28 Sep 2017 14:02:02 -0700 kwhite https://hackerone.com/blog/q-and-a-with-hacker-gerben-javado How The U.S. Government is Out-Innovating Corporate America https://www.hackerone.com/blog/How-The-US-Government-is-Out-Innovating-Corporate-America The Department of Defense is ahead of 94% of the Forbes Global 2000 companies that do not have a public vulnerability disclosure policy. Tue, 26 Sep 2017 08:00:08 -0700 luke https://hackerone.com/blog/How-The-US-Government-is-Out-Innovating-Corporate-America More Than Just Security: 451 Research Webinar Recap https://www.hackerone.com/blog/more-than-just-security-451-research-webinar-recap Today, not having a Vulnerability disclosure policy means you choose to stay in the dark. Scott reviews VDP&#039;s and Bug Bounties in our live webinar. Fri, 22 Sep 2017 06:00:00 -0700 luke https://hackerone.com/blog/more-than-just-security-451-research-webinar-recap Shopify Shares How Hackers Help to Secure $40B+ in Transactions https://www.hackerone.com/blog/shopify-shares-how-hackers-help-secure-40B-in-transactions Dark Reading’s Kelly Sheridan recently sat down with Andrew for a Q&amp;A talking about Ecommerce security and their bug bounty program hosted on HackerOne. 
Wed, 20 Sep 2017 10:00:00 -0700 johnk https://hackerone.com/blog/shopify-shares-how-hackers-help-secure-40B-in-transactions Hacker Q&A with LEETboy: I bought a car for my mom from bug bounties https://www.hackerone.com/blog/hacker-q-and-a-with-leetboy A hacker is a superhero who uses his superpower (hacking) to make the world a better place. That’s what LEETboy, aka Mohammad Aman Khan, believes (and so do we). Wed, 06 Sep 2017 08:00:00 -0700 johnk https://hackerone.com/blog/hacker-q-and-a-with-leetboy $20,000,000: Time to split bounties! https://www.hackerone.com/blog/time-to-split-bounties We are excited to announce bounty splitting! A feature designed to give back to those other hackers who helped you find that RCE! Thu, 31 Aug 2017 00:00:00 -0700 Jobert Abma https://hackerone.com/blog/time-to-split-bounties $20M in Bounties Paid and $100M In Sight https://www.hackerone.com/blog/20M-in-bounties-paid-and-100M-in-sight Over 50,000 vulnerabilities found and fixed. Over 100,000 hackers strong in the HackerOne community. Over $20 million paid in bounties to those who help make the connected world more secure. Wed, 30 Aug 2017 11:20:00 -0700 johnk https://hackerone.com/blog/20M-in-bounties-paid-and-100M-in-sight Celebrating $20M in Bounties with a Recap of Our Top 20 Up Voted Reports on Hacktivity https://www.hackerone.com/blog/top-20-upvoted-reports-on-hacktivity In honor of our $20M in bounties paid out to hackers, we revisit some of the top most up voted reports ever submitted on HackerOne. Mon, 28 Aug 2017 11:00:00 -0700 johnk https://hackerone.com/blog/top-20-upvoted-reports-on-hacktivity Slack Integration 2.0: Notification Filters, Multiple Channels, & Username Mentions https://www.hackerone.com/blog/slack-integration-update-2 Today we’re announcing an enhanced Slack integration which allows teams to customize their HackerOne notifications and support their own unique workflows. 
The new integration features include: granular notification settings, ability to configure multiple channels, and username mention notifications. Thu, 17 Aug 2017 12:00:00 -0700 johnk https://hackerone.com/blog/slack-integration-update-2 What Happens in Vegas...Stays on Hacktivity https://www.hackerone.com/blog/what-happens-in-vegas-stays-on-hacktivity H1-702 was HackerOne’s second annual live-hacking event held in Las Vegas. It’s hosted during Security Summer Camp: Where security teams, hackers, feds, and fans attend the trifecta of events: Black Hat, DEF CON, and BSides Las Vegas. Thu, 17 Aug 2017 10:00:00 -0700 johnk https://hackerone.com/blog/what-happens-in-vegas-stays-on-hacktivity Interview with Hack the Air Force Winner, @CableJ https://www.hackerone.com/blog/interview-with-hack-the-air-force-winner HackerOne recently sat down with Jack, who found 30 unique valid vulnerabilities during “Hack the Air Force” bug bounty challenge, making him the top hacker for the program. Thu, 17 Aug 2017 08:00:00 -0700 johnk https://hackerone.com/blog/interview-with-hack-the-air-force-winner Key Findings From The Hacker-Powered Security Report: Security Vulnerabilities Worry Companies the Most (6 of 6) https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Vulnerabilities-Worry-Companies-The-Most-6-of-6 We surveyed our customers to see what their security focus is. Read the summarized data of our survey results that are published in the Hacker-Powered Security Report. Tue, 15 Aug 2017 07:00:00 -0700 luke https://hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Vulnerabilities-Worry-Companies-The-Most-6-of-6 Capture The Flag Solution: reversing the password https://www.hackerone.com/blog/capture-the-flag-solution-reversing-the-password Last week, a mini Capture The Flag (CTF) was posted about a criminal who changed Barry’s password. The challenge was to come up with the password the criminal chose. 
This blog will explain how the CTF could be solved. Sat, 12 Aug 2017 17:00:00 -0700 Jobert Abma https://hackerone.com/blog/capture-the-flag-solution-reversing-the-password Vulnerability Disclosure Policy Basics: 5 Critical Components https://www.hackerone.com/blog/Vulnerability-Disclosure-Policy-Basics-5-Critical-Components Vulnerabilities are found every day by security researchers, friendly hackers, customers, academics, journalists, and tech hobbyists. Because no system is entirely free of security issues, it&#039;s important to provide an obvious way for external parties to report vulnerabilities. Thu, 10 Aug 2017 09:00:00 -0700 luke https://hackerone.com/blog/Vulnerability-Disclosure-Policy-Basics-5-Critical-Components Aim High...Find, Fix, Win! https://www.hackerone.com/blog/hack-the-air-force-results It took just under a minute for hackers to report the first security vulnerability to the U.S. Air Force. Twenty-five days later when the Hack the Air Force bug bounty challenge concluded, 207 valid vulnerabilities had been discovered. Hackers will be awarded more than $130,000 for making the Air Force more secure. Thu, 10 Aug 2017 05:00:00 -0700 johnk https://hackerone.com/blog/hack-the-air-force-results Key Findings From The Hacker-Powered Security Report: Vulnerability Disclosure Policies (5 of 6) https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Vulnerability-Disclosure-Policies-5-of-6 The Hacker-Powered Security Report found that, despite increased bug bounty program adoption and recommendations from federal agencies, 94 percent of the top publicly-traded companies do not have known vulnerability disclosure policies (VDP). 
Tue, 08 Aug 2017 08:00:00 -0700 luke https://hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Vulnerability-Disclosure-Policies-5-of-6 5 Hacker-Powered Trends You Need to Know About https://www.hackerone.com/blog/5-hacker-powered-trends-you-need-to-know For your quick reference, we’ve distilled the Hacker-Powered Security Report to 5 key trends that show how white-hat hackers are shaping the world of security. Wed, 02 Aug 2017 07:00:00 -0700 johnk https://hackerone.com/blog/5-hacker-powered-trends-you-need-to-know Key Findings From The Hacker-Powered Security Report: Bounty Payments Are Increasing (4 of 6) https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Bounty-Payments-Are-Increasing-4-of-6 As you can imagine, money talks. Better hackers — those with more experience and in-demand skills — go where the money is, and that means organizations that pay more generally get access to the best talent. Tue, 01 Aug 2017 08:00:00 -0700 luke https://hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Bounty-Payments-Are-Increasing-4-of-6 Security Risk Assessment Report - Key Facts https://www.hackerone.com/blog/100-Facts-from-The-Hacker-Powered-Security-Report-2017 Our Hacker-Powered Security Report is so chock-full of compelling insights, interesting tidbits, and surprising stats that we decided to distill them down to just the top 100. Thu, 27 Jul 2017 08:00:00 -0700 luke https://hackerone.com/blog/100-Facts-from-The-Hacker-Powered-Security-Report-2017 How to: Recon and Content Discovery https://www.hackerone.com/blog/how-to-recon-and-content-discovery Recon plays a major role while hacking on a program. Recon doesn’t always mean finding subdomains belonging to a company; it can also mean finding out how a company sets up its properties and what resources it is using.
Tue, 25 Jul 2017 10:52:00 -0700 johnk https://hackerone.com/blog/how-to-recon-and-content-discovery Key Findings From The Hacker-Powered Security Report: Responsive Programs Attract Top Hackers (3 of 6) https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsive-Programs-Attract-Top-Hackers-3-of-6 The Hacker-Powered Security Report found that hackers are overwhelmingly attracted to the programs that are the fastest at acknowledging, validating, and resolving submitted vulnerabilities. Tue, 25 Jul 2017 08:00:00 -0700 luke https://hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsive-Programs-Attract-Top-Hackers-3-of-6 Faster and Better: New Bank Transfer Payment Feature for Hackers https://www.hackerone.com/blog/Faster-and-better-New-Bank-Transfer-Payment-Feature-for-Hackers We’re happy to announce that we’re adding Bank Transfers as a payout option to complement PayPal and Coinbase. This feature will give you the ability to get paid out in 30 different currencies to almost any country in the world. Tue, 25 Jul 2017 08:15:00 -0700 Martijn Russchen https://hackerone.com/blog/Faster-and-better-New-Bank-Transfer-Payment-Feature-for-Hackers Hey Hackers: We’ve got your free Burp Suite Professional license right here https://www.hackerone.com/blog/Hey-Hackers-Weve-got-your-free-Burp-Suite-Professional-license-right-here Burp Suite is the premier offensive hacking solution, and now when new hackers reach at least 500 reputation on HackerOne and have positive signal, they are eligible for 3 months of Burp Suite Professional for free. Mon, 24 Jul 2017 07:00:00 -0700 luke https://hackerone.com/blog/Hey-Hackers-Weve-got-your-free-Burp-Suite-Professional-license-right-here Q&A With @MalwareTechBlog https://www.hackerone.com/blog/Q-and-A-With-Malware-Tech-Blog When he’s not reverse engineering malware, Marcus Hutchins (aka @MalwareTechBlog) can be found surfing, partying, or traveling.
That’s to be expected for any typical 22-year-old, except for the part where he stopped the WannaCry malware outbreak. This is part of his story... Fri, 21 Jul 2017 15:00:00 -0700 luke https://hackerone.com/blog/Q-and-A-With-Malware-Tech-Blog Facebook, Ford Foundation and GitHub Donate $300,000 to Protect the Internet https://www.hackerone.com/blog/Facebook-Ford-Foundation-and-GitHub-Donate-300k-to-Protect-the-Internet Facebook, the Ford Foundation, and GitHub have each donated $100,000 to the Internet Bug Bounty (IBB) to thank hackers who contribute to making the internet safer. Facebook, which has supported the IBB since its inception, renewed its commitment to the program, while the Ford Foundation and GitHub came on board as new partners. Fri, 21 Jul 2017 07:00:00 -0700 luke https://hackerone.com/blog/Facebook-Ford-Foundation-and-GitHub-Donate-300k-to-Protect-the-Internet What is your program’s Scope? https://www.hackerone.com/blog/What-is-your-programs-Scope We are glad to announce our new functionality for defining Scope! HackerOne’s Vulnerability Taxonomy now includes Severity, Weakness type, and Asset. Thu, 20 Jul 2017 16:00:00 -0700 luke https://hackerone.com/blog/What-is-your-programs-Scope More Hacking, Less Risk https://www.hackerone.com/blog/More-Hacking-Less-Risk Our systems will be hacked. This is the only reasonable cybersecurity prediction we can make. If we are at risk of being hacked, the best scenario would be to be hacked by friendly forces so we can plug the hole immediately. This will render the vulnerability useless for malicious attackers. How can we find these vulnerabilities faster? The answer is simple: Ask those who see something to say something. 
Thu, 20 Jul 2017 08:00:00 -0700 luke https://hackerone.com/blog/More-Hacking-Less-Risk Tor Project Launches Public Bug Bounty Program | Q&A with Tor Browser Team Lead, Georg Koppen https://www.hackerone.com/blog/Tor-Project-Launches-Public-Bug-Bounty-Program In January 2016, the Tor Project launched its first private bug bounty program on HackerOne. Today the Tor Project announced its public bug bounty program. We sat down with the Tor security team lead, Georg Koppen, to learn more about the program, what it means for the industry, and how it fits into Tor’s security strategy. See the full Q&A below. Thu, 20 Jul 2017 06:00:00 -0700 luke https://hackerone.com/blog/Tor-Project-Launches-Public-Bug-Bounty-Program Webinar Recap: Attorneys Chime in on Hacker-Powered Security https://www.hackerone.com/blog/Webinar-Recap-Attorneys-Chime-in-on-Hacker-Powered-Security To learn more about how legal teams and federal enforcers view hacker-powered security, we asked Megan Brown, partner, and Matthew Gardner, attorney, from the Privacy & Cybersecurity Practice at Wiley Rein LLP, a Washington, DC-based firm, to present at our webinar, Invitation to Hack: Vulnerability Disclosure Programs. Tue, 18 Jul 2017 09:00:00 -0700 luke https://hackerone.com/blog/Webinar-Recap-Attorneys-Chime-in-on-Hacker-Powered-Security Key Findings From The Hacker-Powered Security Report: Security Responsiveness is Improving (2 of 6) https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsiveness-Is-Improving-2-of-6 The Hacker-Powered Security Report found that the average time to first response for security issues was 6 days in 2017, compared to 7 days in 2016.
Tue, 18 Jul 2017 08:00:00 -0700 luke https://hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Security-Responsiveness-Is-Improving-2-of-6 HackerOne Black Hat Week Activities - 2017 Edition https://www.hackerone.com/blog/HackerOne-Black-Hat-Week-Activities-2017-Edition Let the countdown begin - Las Vegas awaits patiently for that amazing week of 0-days, conferencing, revelry, and networking. Read on for a quick rundown of what activities HackerOne has in store for Black Hat week - the 2017 edition. Mon, 17 Jul 2017 14:00:00 -0700 luke https://hackerone.com/blog/HackerOne-Black-Hat-Week-Activities-2017-Edition 451 Research Defines 7-Step Roadmap for Hacker-Powered Security Success https://www.hackerone.com/blog/451-Research-Defines-7-Step-Roadmap-for-Hacker-Powered-Security-Success One of the top IT research and advisory companies, 451 Research, recently authored a new “pathfinder report” to help decision-makers better understand the value of bug bounties and a compliant vulnerability disclosure process in their overall software security apparatus. Mon, 17 Jul 2017 07:15:00 -0700 luke https://hackerone.com/blog/451-Research-Defines-7-Step-Roadmap-for-Hacker-Powered-Security-Success Your Grab public bug bounty program is arriving now https://www.hackerone.com/blog/Your-Grab-public-bug-bounty-program-is-arriving-now Any hackers out there ever hunt for bugs on your mobile phone while riding in a car? Well, now our thousands of hackers in Southeast Asia can do just that - hack and report bugs to Grab, the largest ride-hailing app and payment platform in Southeast Asia.
Tue, 11 Jul 2017 15:00:00 -0700 luke https://hackerone.com/blog/Your-Grab-public-bug-bounty-program-is-arriving-now Key Findings From The Hacker-Powered Security Report: It’s Not Just For Tech (1 of 6) https://www.hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Its-Not-Just-For-Tech-1-of-6 When hacker-powered security is mentioned, you might assume it’s a bleeding-edge technique reserved for risk-tolerant tech firms. But incorporating bug bounty programs, working with ethical hackers, and encouraging vulnerability disclosures is being adopted across industries. Tue, 11 Jul 2017 09:00:00 -0700 luke https://hackerone.com/blog/Key-Findings-From-The-Hacker-Powered-Security-Report-Its-Not-Just-For-Tech-1-of-6 How To: Command Injections https://www.hackerone.com/blog/how-to-command-injections A command injection is a class of vulnerabilities where the attacker can control one or multiple commands that are being executed on a system. This post will go over the impact, how to test for it, defeating mitigations, and caveats of command injection vulnerabilities. Fri, 07 Jul 2017 07:00:00 -0700 johnk https://hackerone.com/blog/how-to-command-injections HackerOne-sie - More than just epic swag https://www.hackerone.com/blog/HackerOne-sie-More-than-just-epic-swag This illustrious sweater and sweat pant combo has been elevated to elite swag status donned by a lucky few. Only the elite of the elite on our Hacker Advisory Board have been offered a HackerOne-sie. Until now... Fri, 30 Jun 2017 09:00:00 -0700 luke https://hackerone.com/blog/HackerOne-sie-More-than-just-epic-swag First Half 2017 Product Update: HackerOne https://www.hackerone.com/blog/First-Half-2017-Product-Update-HackerOne A summary of our market-leading platform improvements over the past six months. Also included are details on our newest product launches, HackerOne Challenge and HackerOne Community Edition.
Thu, 29 Jun 2017 12:00:00 -0700 luke https://hackerone.com/blog/First-Half-2017-Product-Update-HackerOne From Free Food to Free Flights: Kanishk’s Journey https://www.hackerone.com/blog/From-Free-Food-to-Free-Flights-Kanishks-Journey Kanishk Sajnani is a young hacker who lives in Ahmedabad, Gujarat, India. He could have flown around the world for free, but he didn’t... Wed, 28 Jun 2017 20:00:00 -0700 luke https://hackerone.com/blog/From-Free-Food-to-Free-Flights-Kanishks-Journey The Hacker-Powered Security Report: Insights from Over 800 Programs https://www.hackerone.com/blog/The-Hacker-Powered-Security-Report-Insights-from-Over-800-Programs Did you know 94% of the Forbes Global 2000 do not have known vulnerability disclosure policies? It’s true, and the average amount paid out for a critical vulnerability by HackerOne Bug Bounty customers is $1,923 in 2017. These stats and many more are explored and explained in The Hacker-Powered Security Report, our most recent deep dive into the data from more than 800 programs that have resolved nearly 50,000 security vulnerabilities with our hacker-powered security platform. Tue, 27 Jun 2017 07:00:00 -0700 luke https://hackerone.com/blog/The-Hacker-Powered-Security-Report-Insights-from-Over-800-Programs Qualcomm's Alex Gantman on Bug Bounties https://www.hackerone.com/blog/qualcomms-alex-gantman-on-bug-bounties From smart refrigerators in your kitchen to cardiac monitors in a hospital, Qualcomm’s processors, modems, and other wireless technologies are powering the world of connected devices. But as the number of those devices continues to explode—to as many as 20 billion by 2020—the focus on security becomes more prominent.
Thu, 22 Jun 2017 09:00:00 -0700 luke https://hackerone.com/blog/qualcomms-alex-gantman-on-bug-bounties Getting to know the HackerOne triage team with Zach Dando https://www.hackerone.com/blog/Getting-to-know-the-HackerOne-triage-team-with-Zach-Dando If triaging vulnerability reports were a martial art, Zach Dando would be a sensei master. Zach runs the triage team at HackerOne, and we recently sent some questions his way to glean insight into how he keeps HackerOne’s Security Analysts clicking on all cylinders. Tue, 20 Jun 2017 08:00:00 -0700 luke https://hackerone.com/blog/Getting-to-know-the-HackerOne-triage-team-with-Zach-Dando GitHub Embraces Hacker-Powered Security To Protect 55 Million Projects https://www.hackerone.com/blog/GitHub-Embraces-Hacker-Powered-Security-To-Protect-55-million-projects You’ve probably heard of GitHub, but you might not know they support more than 20 million people learning, sharing, and working together on more than 55 million projects. Yeah, that’s a lot...and a lot of responsibility on GitHub’s part to ensure the safety and security of their customers’ data. Thu, 15 Jun 2017 10:00:00 -0700 luke https://hackerone.com/blog/GitHub-Embraces-Hacker-Powered-Security-To-Protect-55-million-projects How To: Server-Side Request Forgery (SSRF) https://www.hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF Server-Side Request Forgery, SSRF for short, is a vulnerability class that describes the behavior of a server making a request that’s under the attacker’s control. This post will go over the impact, how to test for it, the potential pivots, defeating mitigations, and caveats. Wed, 14 Jun 2017 11:00:00 -0700 Jobert Abma https://hackerone.com/blog-How-To-Server-Side-Request-Forgery-SSRF It’s Phab-tastic!
HackerOne integrates with Phabricator https://www.hackerone.com/blog/hackerone-integrates-with-phabricator Tue, 13 Jun 2017 09:00:00 -0700 johnk https://hackerone.com/blog/hackerone-integrates-with-phabricator The $30,000 Gem: Part 1 https://www.hackerone.com/blog/the-30-thousand-dollar-gem-part-1 Opening your database to the world is a scary thought! But that’s exactly what we wanted to do by implementing a GraphQL endpoint. Feeling stuck with the classic REST-ish JSON API, we had a multitude of problems that we were looking to get rid of. Thu, 08 Jun 2017 07:00:00 -0700 siebejan https://hackerone.com/blog/the-30-thousand-dollar-gem-part-1 GitLab's Brian Neel on Secure Software Development and Bug Bounties https://www.hackerone.com/blog/Gitlab-brian-neel-on-secure-software-development-and-bug-bounties Brian Neel, GitLab’s Security Lead, looks at how the software security apparatus has grown over time, and how hacker-powered security has become a critical component for GitLab and other companies like them. Thu, 01 Jun 2017 09:00:00 -0700 luke https://hackerone.com/blog/Gitlab-brian-neel-on-secure-software-development-and-bug-bounties Put Your Security to the Test: Introducing HackerOne Challenge https://www.hackerone.com/blog/introducing-hackerone-challenge Today we launch a new product, designed for every security team that runs periodic testing of web applications. Thu, 18 May 2017 08:00:00 -0700 Soufiane Houri https://hackerone.com/blog/introducing-hackerone-challenge Q&A with WordPress Security Team Lead, Aaron Campbell https://www.hackerone.com/blog/Q-and-A-with-Wordpress-security-team-lead-aaron-campbell Learn more about WordPress and their approach to bug bounties and security from Aaron Campbell, Security Team Lead at WordPress.
Tue, 16 May 2017 09:00:00 -0700 luke https://hackerone.com/blog/Q-and-A-with-Wordpress-security-team-lead-aaron-campbell Register Now to Hack the US Air Force https://www.hackerone.com/blog/Register-Now-to-Hack-the-US-Air-Force Hackers, do you have what it takes to hack the U.S. Air Force? Register now to participate in the Department of Defense’s largest bug bounty challenge to date. Mon, 15 May 2017 08:00:00 -0700 johnk https://hackerone.com/blog/Register-Now-to-Hack-the-US-Air-Force The Visual Guide to Bug Bounty Success https://www.hackerone.com/blog/The-Visual-Guide-to-Bug-Bounty-Success We have created the most comprehensive, educational, practical, and valuable resource ever about the ins and outs of running a successful bug bounty program and now we’ve turned it into a simple one-page graphic. Thu, 11 May 2017 08:00:00 -0700 luke https://hackerone.com/blog/The-Visual-Guide-to-Bug-Bounty-Success HackerOne’s Approach to Triage https://www.hackerone.com/blog/HackerOne-Approach-to-Triage Triage is critical to any vulnerability disclosure process or bug bounty program. Similar to triaging in a hospital emergency room, it’s crucial that issues are diagnosed as soon as they arrive. Tue, 09 May 2017 07:00:00 -0700 Jobert Abma https://hackerone.com/blog/HackerOne-Approach-to-Triage Bug Bounty Programs - Why Should I Care? https://www.hackerone.com/blog/bug-bounty-programs-why-should-i-care Every digital company has software vulnerabilities, and they get terribly expensive in case of a breach. Traditional methods of finding vulnerabilities are slow and costly. Bug bounty programs find vulnerabilities quickly, broadly and deeply thanks to clever testing from the outside by a large community of security researchers and ethical hackers.
Mon, 08 May 2017 15:00:00 -0700 luke https://hackerone.com/blog/bug-bounty-programs-why-should-i-care Ethical considerations of access to the HackerOne community https://www.hackerone.com/blog/ethical-considerations-of-access-to-the-HackerOne-community We believe every organization that creates connected technology needs a Vulnerability Disclosure Policy. This rings especially true wherever a security incident would place the safety of others in jeopardy. Thu, 04 May 2017 09:00:00 -0700 johnk https://hackerone.com/blog/ethical-considerations-of-access-to-the-HackerOne-community HackerOne and JIRA integration update: more improvements, fewer clicks https://www.hackerone.com/blog/hackerone-and-jira-integration-update-more-improvements-fewer-clicks More good news around making simple cross-platform tasks even easier - specifically, we’ve got three updates that improve ease-of-use and two-way integration: HackerOne for JIRA via the Atlassian Marketplace, One-click JIRA issue creation in HackerOne, and stronger two-way communication. Tue, 02 May 2017 06:00:00 -0700 johnk https://hackerone.com/blog/hackerone-and-jira-integration-update-more-improvements-fewer-clicks Announcing The Largest DoD bug bounty challenge ever: Hack The Air Force https://www.hackerone.com/blog/announcing-the-largest-dod-bug-bounty-challenge-ever-hack-the-air-force The Air Force is asking hackers to take their best shot following the success of Hack the Pentagon and Hack the Army bug bounty challenges. Wed, 26 Apr 2017 12:30:00 -0700 luke https://hackerone.com/blog/announcing-the-largest-dod-bug-bounty-challenge-ever-hack-the-air-force Zero Daily Newsletter: Fun, yet informative, AppSec, bug bounty, and hacker news https://www.hackerone.com/blog/Zero-Daily-Newsletter Read the news every day, and check the usual websites? Want to get your industry news and have a little humor dashed in? 
With Zero Daily you can have your cake and eat it too: we include links and brief sound bites on some of the top news in application security, bug bounty, and hacker topics but with a fun and non-markety flair. Thu, 20 Apr 2017 07:00:00 -0700 luke https://hackerone.com/blog/Zero-Daily-Newsletter More Hardware, More Problems https://www.hackerone.com/blog/more-hardware-more-problems Bounties are for hardware, too. Microwaves notwithstanding, there is an increasing amount of connected technology in our homes, cars, and workplaces. Unfortunately, each of them comes with more and more potential vulnerabilities. Wed, 12 Apr 2017 07:00:00 -0700 luke https://hackerone.com/blog/more-hardware-more-problems Bug fixes just got a little easier; HackerOne introduces bi-directional JIRA integration https://www.hackerone.com/blog/bug-fixes-just-got-easier-hackerone-introduces-bi-directional-jira-integration It’s now possible to view updates on JIRA issues right inside your HackerOne Reports. The two-way integration means that whenever a JIRA issue changes state, an internal comment is posted on the appropriate HackerOne Report. No more going back and forth between JIRA and HackerOne! Fri, 07 Apr 2017 08:00:00 -0700 luke https://hackerone.com/blog/bug-fixes-just-got-easier-hackerone-introduces-bi-directional-jira-integration Q&A with Top Hacker Geekboy https://www.hackerone.com/blog/top-hacker-geekboy-questions-and-answers-at-nullcon Whether he’s uncovering weirdness in Uber’s app, sharing savvy how-to’s in his blog, or working out issues for AirBnB, Geekboy is hot like fire. He’s number three on our leaderboard and his signal rank is in the 90th percentile! We caught up with Geekboy in Goa at Nullcon and here are some of his thoughts on cool bugs, Burp Suite and Bountycraft, among other things.
Tue, 04 Apr 2017 09:00:00 -0700 luke https://hackerone.com/blog/top-hacker-geekboy-questions-and-answers-at-nullcon Tapping Hackers for Continuous Security https://www.hackerone.com/blog/Tapping-Hackers-for-Continuous-Security Last week, I attended the FinDEVr conference in New York City. The 2-day conference is focused on the technology aspect of fintech. Attendees ranged from financial institutions to data analytics startups coming from places like Canada, the U.K., and all across the U.S. At the conference, I gave a talk titled “Tapping Hackers for Continuous Security”. Here’s a recap of the topics I addressed. Fri, 31 Mar 2017 09:00:00 -0700 luke https://hackerone.com/blog/Tapping-Hackers-for-Continuous-Security Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating a Successful Bug Bounty Program https://www.hackerone.com/blog/the-bug-bounty-field-manual Writing the Bug Bounty Field Manual was a herculean task. Just ask Adam Bacchus, the distinguished author of this manual. But as he’ll tell you, it was also an incredibly enjoyable piece to write. Thu, 23 Mar 2017 06:00:00 -0700 luke https://hackerone.com/blog/the-bug-bounty-field-manual H1-415 Live Hacking Event Delivers to Customers, Community, and Hackers https://www.hackerone.com/blog/H1-415-Hackathon-Delivers-to-Customers-Community-and-Hackers Just a few short weeks ago, an elite group of hackers huddled in conference rooms in a San Francisco high-rise, spending a day hunting software bugs for Airbnb and Shopify. Down the hall, eager groups of students from middle school to college were on hand to interact, learn, and amplify their interest in security and technology at hacking 101 workshops put on by elite hackers.
Mon, 20 Mar 2017 09:00:00 -0700 luke https://hackerone.com/blog/H1-415-Hackathon-Delivers-to-Customers-Community-and-Hackers Introducing CWE-based Weaknesses https://www.hackerone.com/blog/Introducing-CWE-based-Weaknesses HackerOne updated its vulnerability taxonomy to include a more complete weakness suite based on the industry-standard Common Weakness Enumeration (CWE). Thu, 16 Mar 2017 19:00:00 -0700 pei https://hackerone.com/blog/Introducing-CWE-based-Weaknesses Intel launches its first bug bounty program https://www.hackerone.com/blog/Intel-launches-its-first-bug-bounty-program Our friends at Intel have an exciting announcement! Their bug bounty program is live. Wed, 15 Mar 2017 11:45:00 -0700 johnk https://hackerone.com/blog/Intel-launches-its-first-bug-bounty-program HackerOne, Bountycraft, and Nullcon https://www.hackerone.com/blog/HackerOne-Bountycraft-and-Nullcon Around the world in seven days! My name’s Adam Bacchus, Chief Bounty Officer of HackerOne, and I’m here to tell you about the adventures I had in India this March presenting at Nullcon, Bounty Craft on “Bug Bounty Reports - How Do They Work?”. Mon, 13 Mar 2017 09:00:00 -0700 luke https://hackerone.com/blog/HackerOne-Bountycraft-and-Nullcon Q&A with 13-year old Hacker Ahsan Tahir https://www.hackerone.com/blog/Q%26A-with-13-year-old-Hacker-Ahsan-Tahir What were you doing when you were 13 years old? Doubtful you were a recognized Microsoft researcher with Hall of Fame status at Google, Venris and others. Meet Ahsan Tahir. At 13, Ahsan is a curious, committed hacker and security consultant living and working in Pakistan.
We had the chance to talk shop with him about a bunch of topics, including his recommendations for companies that are putting together vulnerability reporting and bug bounty programs. Fri, 03 Mar 2017 13:28:00 -0800 luke https://hackerone.com/blog/Q%26A-with-13-year-old-Hacker-Ahsan-Tahir Rockstar Games Launches Public HackerOne Bug Bounty Program https://www.hackerone.com/blog/Rockstar-Games-Launches-Public-HackerOne-Bug-Bounty-Program As the creators of the Grand Theft Auto series, Red Dead Redemption and many more, Rockstar Games knows that the security of its systems and data is a top priority. Thu, 02 Mar 2017 06:00:00 -0800 johnk https://hackerone.com/blog/Rockstar-Games-Launches-Public-HackerOne-Bug-Bounty-Program HackerOne Professional Free For Open Source Projects https://www.hackerone.com/blog/HackerOne-Professional-Free-For-Open-Source-Projects Here at HackerOne, open source runs through our veins. Our company, product, and approach are built on, inspired by, and driven by open source and a culture of collaborative software development. As such, we want to give something back. Thu, 02 Mar 2017 06:00:00 -0800 johnk https://hackerone.com/blog/HackerOne-Professional-Free-For-Open-Source-Projects RSA stands for Really Sweet Activities: HackerOne recaps an epic week https://www.hackerone.com/blog/rsa-stands-for-really-sweet-activities-hackerone-recaps-an-epic-week A quick highlight reel of HackerOne’s week at RSA: hackathons, lightning talks, private parties, panels and more, oh my!
Mon, 27 Feb 2017 11:00:00 -0800 luke https://hackerone.com/blog/rsa-stands-for-really-sweet-activities-hackerone-recaps-an-epic-week Flexport leverages bug bounty programs to secure their customers’ highly confidential shipping data https://www.hackerone.com/blog/Flexport-leverages-bug-bounty-programs-to-secure-their-customers-highly-confidential-shipping-data Uber of the oceans, Flexport, leverages bug bounty programs to secure their customers’ highly confidential shipping data. Thu, 23 Feb 2017 12:31:00 -0800 luke https://hackerone.com/blog/Flexport-leverages-bug-bounty-programs-to-secure-their-customers-highly-confidential-shipping-data The best security initiative you can take in 2017 https://www.hackerone.com/blog/The-best-security-initiative-you-can-take-in-2017 As CEO of HackerOne, I am thrilled to confirm that, as part of our rapid growth, we have strengthened our balance sheet with a $40 million series C investment round led by Dragoneer Investment Group. We have the skills, the hackers, the platform, the services, the people and the funds to empower the entire world to build a safer internet. Wed, 08 Feb 2017 05:00:00 -0800 johnk https://hackerone.com/blog/The-best-security-initiative-you-can-take-in-2017 Bug Bounties Help Keepsafe Secure The Data of 50 Million Consumers https://www.hackerone.com/blog/Bug-Bounties-Help-Keepsafe-Secure-The-Data-of-50-million-consumers Keepsafe is on a mission to help us keep our private lives as they should be - private. Bug bounties are a big part of that strategy. We chat with the Co-founder and CTO at Keepsafe about their bug bounty program on HackerOne.
Thu, 26 Jan 2017 09:10:27 -0800 Anonymous https://hackerone.com/blog/Bug-Bounties-Help-Keepsafe-Secure-The-Data-of-50-million-consumers Hack The Army Results Are In https://www.hackerone.com/blog/Hack-The-Army-Results-Are-In The most ambitious Federal bug bounty program to date, Hack the Army, targeted operationally significant websites including those mission critical to recruiting. See the full results of the program! Thu, 19 Jan 2017 14:28:28 -0800 Anonymous https://hackerone.com/blog/Hack-The-Army-Results-Are-In Q&A With PortSwigger's James Kettle: Bug Bounties, Exploit Stories, and More! https://www.hackerone.com/blog/Chat-With-Burp-Suite-About-Their-Bug-Bounty-Story We sat down with James Kettle, PortSwigger’s Head of Research, to get the scoop on their public bounty program, and to learn how clarity helps keep their hackers happy. Make sure to stick around until the end, where company founder Dafydd Stuttard explains the meaning behind their company and product name! Thu, 19 Jan 2017 08:30:04 -0800 Anonymous https://hackerone.com/blog/Chat-With-Burp-Suite-About-Their-Bug-Bounty-Story Dear McDonalds, Where's Your Security@? https://www.hackerone.com/blog/dear-mcdonalds-wheres-your-security-at Introducing Email Forwarding: have security@ emails forwarded to your HackerOne Inbox as a new report. Wed, 18 Jan 2017 11:42:30 -0800 Anonymous https://hackerone.com/blog/dear-mcdonalds-wheres-your-security-at Advanced Workflows with Inbox Views https://www.hackerone.com/blog/advanced-workflows-with-inbox-views Programs on HackerOne can now customize the Views in their Inbox to accommodate more advanced vulnerability disclosure workflows. Tue, 17 Jan 2017 17:25:33 -0800 Anonymous https://hackerone.com/blog/advanced-workflows-with-inbox-views A Bountiful Year: Top Bugs and Hacktivity Highlights in 2016 https://www.hackerone.com/blog/a-bountiful-year-top-bugs-and-hacktivity-highlights-in-2016 What a wild ride it was for Hacktivity in 2016!
Let’s reflect on some of the major trends and patterns in our hacker community as seen through the eyes of Hacktivity. Thu, 12 Jan 2017 11:23:16 -0800 Anonymous https://hackerone.com/blog/a-bountiful-year-top-bugs-and-hacktivity-highlights-in-2016 Is Virtual Reality Ripe for Cyber Attacks? https://www.hackerone.com/blog/Is-Virtual-Reality-Ripe-for-Cyber-Attacks 2017 may be the year Virtual Reality and Augmented Reality truly go mainstream. But is it airtight from a security perspective? Thu, 05 Jan 2017 08:26:43 -0800 Anonymous https://hackerone.com/blog/Is-Virtual-Reality-Ripe-for-Cyber-Attacks Together We Hit Harder: HackerOne Company Values https://www.hackerone.com/blog/Together-We-Hit-Harder-HackerOne-Company-Values All of us HackerOnies are driven by a passion for our mission, and a strong urge to work together to make the world a better place. We recently held our inaugural all-company meeting where we built on top of this mission, documenting the values we embrace. Tue, 03 Jan 2017 08:35:33 -0800 Anonymous https://hackerone.com/blog/Together-We-Hit-Harder-HackerOne-Company-Values Celebrating Alongside Yelp: Reaching The 100 Day Milestone of Their Public Bug Bounty Program https://www.hackerone.com/blog/Celebrating-Alongside-Yelp-100-Day-Milestone Approximately 100 days ago, Yelp flipped the switch from being a private bug bounty program on HackerOne to a public program. Tue, 20 Dec 2016 12:18:11 -0800 Anonymous https://hackerone.com/blog/Celebrating-Alongside-Yelp-100-Day-Milestone Hacker Herding - Bug Bounty Tips from Sky Betting & Gaming https://www.hackerone.com/blog/Hacker-Herding-Bug-Bounty-Tips Sky Betting & Gaming knows a few things about running a bug bounty program. They recently launched their own bug bounty program and shared some tips. Thu, 15 Dec 2016 07:59:10 -0800 Anonymous https://hackerone.com/blog/Hacker-Herding-Bug-Bounty-Tips How much is a bug worth?
Introducing Bounty Statistics https://www.hackerone.com/blog/bounty-statistics We have collated the data from our 500+ bounty-paying programs, and will show you the results every time you award a bounty! Tue, 13 Dec 2016 07:46:56 -0800 Anonymous https://hackerone.com/blog/bounty-statistics Nintendo Launches Vulnerability Reward Program for Nintendo 3DS https://www.hackerone.com/blog/Nintendo-3ds-Launches-bug-bounty-program-on-HackerOne We’re pleased to share that Nintendo has publicly launched their Vulnerability Rewards Program for their top-selling 3DS gaming console! The folks at Nintendo have put together some pretty sweet rewards including a top bounty of $20,000 for valid critical security vulnerabilities. Mon, 05 Dec 2016 17:24:53 -0800 Anonymous https://hackerone.com/blog/Nintendo-3ds-Launches-bug-bounty-program-on-HackerOne Hacker Curiosity a Popular Topic @ Wired Security 2016 https://www.hackerone.com/blog/why-all-companies-should-hire-hackers-hackerone-wired-magazine HackerOne CTO Alex Rice explains at the Wired Security 2016 Conference that the safest software firms are those with the highest bug bounties. Thu, 01 Dec 2016 02:43:11 -0800 Anonymous https://hackerone.com/blog/why-all-companies-should-hire-hackers-hackerone-wired-magazine Show Us Your Mad Skillz! Introducing Hacker Skills https://www.hackerone.com/blog/Introducing-Hacker-Skills Hackers can now identify their skills by submitting relevant reports which are verified by HackerOne. Tue, 22 Nov 2016 09:06:08 -0800 Anonymous https://hackerone.com/blog/Introducing-Hacker-Skills Hackers Wanted: Hack the Army & Pentagon! https://www.hackerone.com/blog/hackers-wanted-hack-the-army-and-pentagon Hackers, we have big news from our partners at the Pentagon! The DoD is announcing their Vulnerability Disclosure Policy, and registration is open to sign up for the opportunity to hack the U.S. Army!
Mon, 21 Nov 2016 09:04:38 -0800 Anonymous https://hackerone.com/blog/hackers-wanted-hack-the-army-and-pentagon Qualcomm Launches Bug Bounty Program https://www.hackerone.com/blog/Qualcomm-launches-bug-bounty-program Qualcomm is the world leader in 3G and 4G technologies helping power your smartphones, among other things, and today we’re excited to announce the launch of their invite-only bug bounty program on HackerOne. Thu, 17 Nov 2016 05:17:45 -0800 Anonymous https://hackerone.com/blog/Qualcomm-launches-bug-bounty-program Announcing HACK THE ARMY https://www.hackerone.com/blog/announcing-hack-the-army Secretary of the Army, Eric Fanning, announced plans to launch the U.S. Army’s first ever bug bounty challenge in partnership with HackerOne. Fri, 11 Nov 2016 14:18:33 -0800 Anonymous https://hackerone.com/blog/announcing-hack-the-army API Update Announcement: Report State Changes and Submission Comments https://www.hackerone.com/blog/API-Update-Announcement-Report-State-Changes-and-Submission-Comments Get the scoop on the latest update to the HackerOne API with some slick new communication features. Thu, 10 Nov 2016 10:26:08 -0800 Anonymous https://hackerone.com/blog/API-Update-Announcement-Report-State-Changes-and-Submission-Comments Marten Mickos wants to let a million hackers loose on corporate America https://www.hackerone.com/blog/marten-mickos-wants-to-let-a-million-hackers-loose-on-corporate-america HackerOne CEO Marten Mickos sat down with the San Francisco Business Times to discuss bug bounty programs and working with the global hacker community. Wed, 09 Nov 2016 12:13:12 -0800 Anonymous https://hackerone.com/blog/marten-mickos-wants-to-let-a-million-hackers-loose-on-corporate-america Top Vulnerability Reports of Third Quarter, 2016 https://www.hackerone.com/blog/top-vulnerability-reports-of-3Q-2016 Great hackers write great reports that others want to read. See the top ones from last quarter. 
Fri, 28 Oct 2016 01:21:22 -0700 Anonymous https://hackerone.com/blog/top-vulnerability-reports-of-3Q-2016 A HackerOne Thanksgiving https://www.hackerone.com/blog/new-hacker-thanks A better way to give thanks to our amazing hackers: a new and improved Thanks page on hacker profiles. Fri, 21 Oct 2016 15:27:00 -0700 Anonymous https://hackerone.com/blog/new-hacker-thanks What a week! - HackerOne at WIRED Security https://www.hackerone.com/blog/HackerOne-at-WIRED-Security HackerOne CTO spoke at WIRED Security this week. His message, “If you can't beat 'em, get 'em to join you!” Fri, 21 Oct 2016 11:57:00 -0700 Anonymous https://hackerone.com/blog/HackerOne-at-WIRED-Security Introducing Policy Change Notifications https://www.hackerone.com/blog/policy-change-notifications Today, we're making it even easier to never miss a policy change. You now have the ability to be notified whenever the policy of a certain program changes. Fri, 21 Oct 2016 06:30:00 -0700 Anonymous https://hackerone.com/blog/policy-change-notifications HACK THE PENTAGON AGAIN - AND AGAIN https://www.hackerone.com/blog/hack-the-pentagon-again-and-again The Department of Defense announced plans to expand upon the successful "Hack the Pentagon" bug bounty pilot launched earlier this year with HackerOne and Synack. Thu, 20 Oct 2016 10:44:00 -0700 Anonymous https://hackerone.com/blog/hack-the-pentagon-again-and-again Announcing Hack The World 2016 Winners https://www.hackerone.com/blog/hack-the-world-2016-winners After a feverish Hack The World 2016 competition, it is time to unveil the winners. We were amazed and inspired by the incredible work helping to make the Internet safer. Thu, 20 Oct 2016 03:00:00 -0700 Anonymous https://hackerone.com/blog/hack-the-world-2016-winners [CRITICAL!!] 
Introducing Severity (CVSS) https://www.hackerone.com/blog/introducing-severity-cvss You can now assign vulnerability severity utilizing the Common Vulnerability Scoring Standard (CVSS). Wed, 05 Oct 2016 20:46:00 -0700 Anonymous https://hackerone.com/blog/introducing-severity-cvss Bug Bounty Programs Taking Off! https://www.hackerone.com/blog/Bug-bounty-programs-taking-off Bug bounty programs are revolutionizing the security industry and becoming an indispensable part of the modern software development lifecycle. You get useful results in the first 24 hours, and your program keeps producing results for years. We are coming out of Q3 with flying colors. HackerOne is by far the world’s largest marketplace for white hat hackers helping organizations to find flaws in their systems. Tue, 04 Oct 2016 07:48:00 -0700 Anonymous https://hackerone.com/blog/Bug-bounty-programs-taking-off Hacker Hall of Fame Blog: Mark Litchfield “mlitchfield” https://www.hackerone.com/blog/Hacker-Hall-of-Fame-Blog-Mark-Litchfield-mlitchfield This blog is part of an interview series with top bug bounty hackers. Today, we are featuring Mark Litchfield who made history last month as the first hacker to earn over $500,000 USD in bug bounties on HackerOne. Wed, 28 Sep 2016 02:00:00 -0700 Anonymous https://hackerone.com/blog/Hacker-Hall-of-Fame-Blog-Mark-Litchfield-mlitchfield Pikachu, I choose you: Assign users with HackerOne API https://www.hackerone.com/blog/pikachu-i-choose-you-assign-users-with-hackerone-api Today, we’re taking the next step towards a better integration with your existing tools. Now teams can assign reports to team members using the API. Mon, 26 Sep 2016 14:34:00 -0700 Anonymous https://hackerone.com/blog/pikachu-i-choose-you-assign-users-with-hackerone-api Bug Bounty First Impressions https://www.hackerone.com/blog/bug-bounty-first-impressions First impressions can be everything. 
Here are tips for putting your best foot forward in the first few weeks of your bug bounty program. Thu, 22 Sep 2016 01:32:00 -0700 Anonymous https://hackerone.com/blog/bug-bounty-first-impressions Fact or Fiction: Mr. Robot - eps2.7init5.fve https://www.hackerone.com/blog/Fact-or-Fiction-Mr-Robot-eps2-7init5-fve HackerOne’s second edition of “Fact or Fiction,” where we review hacker entertainment and talk about how realistic (or not!) they are. This week, we’ll be discussing Mr. Robot eps2.7init5.fve. Fri, 16 Sep 2016 10:47:00 -0700 Anonymous https://hackerone.com/blog/Fact-or-Fiction-Mr-Robot-eps2-7init5-fve Hack The World 2016: The Final Countdown https://www.hackerone.com/blog/Hack-The-World-Final-Countdown The Hack the World bug bounty contest concludes on September 19th 2016. Get your reports in now! Thu, 15 Sep 2016 10:34:00 -0700 Anonymous https://hackerone.com/blog/Hack-The-World-Final-Countdown The 2016 Bug Bounty Hacker Report https://www.hackerone.com/blog/hacker-surey-report-2016 Who are these white hat hackers that are reporting vulnerabilities to companies? HackerOne created the 2016 Bug Bounty Hacker Report to share insights about the hacker community and to give hackers the exposure deserved as vital actors in our modern digital society. Tue, 13 Sep 2016 12:27:00 -0700 Anonymous https://hackerone.com/blog/hacker-surey-report-2016 Fact or Fiction: Mr. Robot - eps2.6succ3ss0r.p12 https://www.hackerone.com/blog/Fact-or-Fiction-Mr-Robot-eps2-6succ3ss0r-p12 HackerOne’s first edition of “Fact or Fiction,” where we review shows and talk about how realistic (or not!) they are. This week, we’ll be discussing Mr. Robot eps2.6succ3ss0r.p12. Wed, 07 Sep 2016 10:17:00 -0700 Anonymous https://hackerone.com/blog/Fact-or-Fiction-Mr-Robot-eps2-6succ3ss0r-p12 Introducing Report Templates https://www.hackerone.com/blog/Introducing-Report-Templates Now security teams can create their own custom Report Templates for hackers. 
Thu, 01 Sep 2016 10:01:00 -0700 Anonymous https://hackerone.com/blog/Introducing-Report-Templates Hacker Hall of Fame Blog: Nathaniel Wakelam “nnwakelam” https://www.hackerone.com/blog/Hacker-Hall-of-Fame-Blog-Nathaniel-Wakelam This blog is part of a series highlighting top hackers on HackerOne. In this first post, we are thrilled to highlight nnwakelam! Wed, 31 Aug 2016 09:50:00 -0700 Anonymous https://hackerone.com/blog/Hacker-Hall-of-Fame-Blog-Nathaniel-Wakelam How2Hack - Get Started Hacking Mobile https://www.hackerone.com/blog/How-to-Hack-Get-Started-Hacking-Mobile A beginner's guide to setting up a pen testing environment for mobile applications. Tue, 30 Aug 2016 10:07:00 -0700 Anonymous https://hackerone.com/blog/How-to-Hack-Get-Started-Hacking-Mobile Top 5 Most Viewed Reports For Q2 2016 https://www.hackerone.com/blog/top-5-most-viewed-reports-of-2q-2016 What were the top five most viewed public vulnerability reports on HackerOne in the second quarter of 2016? Read to find out! Fri, 26 Aug 2016 01:00:00 -0700 Anonymous https://hackerone.com/blog/top-5-most-viewed-reports-of-2q-2016 Ask Us Anything! Thurs 25th August 2016 https://www.hackerone.com/blog/ama Ask HackerOne anything on Thursday 25th August 2016 at 9am Pacific. Mon, 22 Aug 2016 09:06:00 -0700 Anonymous https://hackerone.com/blog/ama Hack, Learn, Earn, with a Free E-Book https://www.hackerone.com/blog/Hack-Learn-Earn-with-a-Free-E-Book We want our hackers to be successful and are giving away a free copy of Peter Yaworski’s excellent Web Hacking 101 e-book. Thu, 18 Aug 2016 09:02:00 -0700 Anonymous https://hackerone.com/blog/Hack-Learn-Earn-with-a-Free-E-Book mlitchfield Earned $500,000 on HackerOne https://www.hackerone.com/blog/mlitchfield-Earned-500000-on-HackerOne We are excited to announce that as of today, mlitchfield has earned $500,000 in total bug bounties on HackerOne! 
Wed, 17 Aug 2016 15:07:00 -0700 Anonymous https://hackerone.com/blog/mlitchfield-Earned-500000-on-HackerOne Viva Hack Vegas - Bug Bounty Hackathon https://www.hackerone.com/blog/Viva-Hack-Vegas-Bug-Bounty-Hackathon HackerOne hosted a live bug bounty event with Zenefits, Snapchat and Panasonic Avionics. Hackers earned more than $150,000 in bounties for over 225 reported vulnerabilities. Tue, 16 Aug 2016 09:01:00 -0700 Anonymous https://hackerone.com/blog/Viva-Hack-Vegas-Bug-Bounty-Hackathon Bug Bounty or Bust! Crafting Your Security Page https://www.hackerone.com/blog/Bug-Bounty-or-Bust-Crafting-Your-Security-Page Here are our top five rules for creating an excellent bug bounty security page. Outlining a crystal clear scope helps hackers know what is (and is not!) going to net them a bounty. Transparency between hackers and security teams is vital to a successful bug bounty program. Wed, 10 Aug 2016 09:52:00 -0700 Anonymous https://hackerone.com/blog/Bug-Bounty-or-Bust-Crafting-Your-Security-Page Hack The World: An Update https://www.hackerone.com/blog/Hack-The-World-An-Update Let’s get a quick update on the Hack the World competition and see how things are progressing. Tue, 02 Aug 2016 00:50:00 -0700 Anonymous https://hackerone.com/blog/Hack-The-World-An-Update Hacker Movies We Love: Hackers https://www.hackerone.com/blog/Hacker-Movies-We-Love-Hackers Hacker cinema from the 1990s, upon original release, was criticized as being “dubious,” “unrealistic,” and “implausible.” Today, we’ll be looking at the movie “Hackers” and evaluating whether it was ahead of its time or just Hollywood pixie dust. Thu, 28 Jul 2016 11:12:00 -0700 Anonymous https://hackerone.com/blog/Hacker-Movies-We-Love-Hackers HackerOne Hall of Fame - Sean Melia “Meals” https://www.hackerone.com/blog/Hacker-Hall-of-Fame-Meals This post is the first in a series highlighting top hackers on HackerOne. 
These hall-of-famers are extremely talented bug hunters and continuously dominate the leaderboards and thanks pages. In this first post, we are thrilled to highlight Meals! Wed, 27 Jul 2016 09:18:00 -0700 Anonymous https://hackerone.com/blog/Hacker-Hall-of-Fame-Meals How To Hunt For Injection Vulnerabilities' OR 1='1 https://www.hackerone.com/blog/how-to-hunt-for-injection-vulnerabilities This blog post will give you more insights about how injection vulnerabilities work, and how you can use that knowledge to find more bugs. Thu, 21 Jul 2016 10:57:00 -0700 Anonymous https://hackerone.com/blog/how-to-hunt-for-injection-vulnerabilities Announcing Hack The World 2016 Competition https://www.hackerone.com/blog/hack-the-world Announcing our Hack The World 2016 hacker competition running from July 20th 2016 to September 19th 2016. Wed, 20 Jul 2016 08:46:00 -0700 Anonymous https://hackerone.com/blog/hack-the-world Bug Bounty Reports - How Do They Work? https://www.hackerone.com/blog/how-bug-bounty-reports-work Better bug reports = better relationships = better bounties! Whether you are new to bounty programs or a bounty veteran, these tips on how to write good reports are useful for everyone! Tue, 19 Jul 2016 09:32:00 -0700 Anonymous https://hackerone.com/blog/how-bug-bounty-reports-work Never Miss A Policy Change https://www.hackerone.com/blog/policy-versioning Today we are launching Policy Diffing. On every single team page, you will now be able to see when the policy was last changed, and you will be able to see all policy changes for the program. 
Fri, 15 Jul 2016 02:00:00 -0700 Anonymous https://hackerone.com/blog/policy-versioning Hacktivity Highlights: XSS via SVG https://www.hackerone.com/blog/Hacktivity-Highlights%3A-XSS-via-SVG Welcome to episode #1 of our Hacktivity Highlights blog series, where we take a closer look at a top publicly disclosed vulnerability report. Thu, 14 Jul 2016 09:44:00 -0700 Anonymous https://hackerone.com/blog/Hacktivity-Highlights%3A-XSS-via-SVG Edit a Report's Vulnerability Types https://www.hackerone.com/blog/edit-vulnerability-types Now security teams can edit the vulnerability types after the report has been submitted. With this improvement, teams can expect to have more accurate vulnerability data. Wed, 13 Jul 2016 02:00:00 -0700 Anonymous https://hackerone.com/blog/edit-vulnerability-types An Interview With HackerOne CEO, Mårten Mickos https://www.hackerone.com/blog/interview-with-marten-mickos Back in November 2015, HackerOne welcomed our new CEO, Mårten Mickos, to the ranks. A native Finn living in San Francisco, Mårten has a long history building successful companies. Tue, 12 Jul 2016 02:31:00 -0700 Anonymous https://hackerone.com/blog/interview-with-marten-mickos Disclosure Assistance Refresh https://www.hackerone.com/blog/discosure-assistance-refresh Ever stumbled upon a vulnerability, but had no idea how to share it with the affected organization? HackerOne can help! We’ve blogged about “Disclosure Assistance” before, but we wanted to talk about it again, as there have been some changes. Fri, 08 Jul 2016 05:45:00 -0700 Anonymous https://hackerone.com/blog/discosure-assistance-refresh Get Out the Vote! https://www.hackerone.com/blog/hacktivity-upvoting Upvote hacker activities and see what's popular on Hacktivity. Wed, 22 Jun 2016 22:42:00 -0700 Anonymous https://hackerone.com/blog/hacktivity-upvoting "I am the greatest!" 
New HackerOne Quarterly Leaderboards https://www.hackerone.com/blog/hackerone-leaderboard The New HackerOne Leaderboard ranks reputation, signal and impact data in a simple tabular format. Tue, 21 Jun 2016 09:00:00 -0700 Anonymous https://hackerone.com/blog/hackerone-leaderboard What Was It Like To Hack the Pentagon? https://www.hackerone.com/blog/hack-the-pentagon-results The U.S. Federal Government’s first ever bug bounty program, managed by HackerOne, is now complete. Learn how it launched, what results came in, and what the Pentagon learned for the next bug bounty experience. Fri, 17 Jun 2016 05:00:00 -0700 Anonymous https://hackerone.com/blog/hack-the-pentagon-results Bug Bounty 5 Years In https://www.hackerone.com/blog/bug-bounty-5-years-in-uber-facebook Uber’s Collin Greene shares advice on running a high quality bug bounty program from the mistakes made launching and leading the Facebook and Uber programs. This blog originally appeared on Medium. Thu, 16 Jun 2016 13:37:00 -0700 Anonymous https://hackerone.com/blog/bug-bounty-5-years-in-uber-facebook New Ways to Use HackerOne https://www.hackerone.com/blog/new-ways-to-use-hackerone Announcing new product editions - Professional, Enterprise and Security@. Along with HackerOne Managed and Pilots, the same HackerOne power can be tailored to every organization’s needs. Tue, 14 Jun 2016 05:32:00 -0700 Anonymous https://hackerone.com/blog/new-ways-to-use-hackerone How Bug Bounties Work: A Comic https://www.hackerone.com/blog/how-a-bug-bounty-works-comic Life is complicated, bug bounties should not be. Here’s a comic illustrating how bug bounty programs work by Fred Chung. Thu, 09 Jun 2016 09:11:00 -0700 Anonymous https://hackerone.com/blog/how-a-bug-bounty-works-comic ASUS Vulnerability Disclosure Déjà vu https://www.hackerone.com/blog/asus-vulnerability-disclosure-deja-vu Two years after a settlement with the FTC, has ASUS still not learned how to receive vulnerability reports from hackers? 
Last February, the Taiwanese hardware manufacturer, ASUS, and the Federal Trade Commission (FTC) settled charges that the manufacturer failed to protect consumers. Wed, 08 Jun 2016 12:35:00 -0700 Anonymous https://hackerone.com/blog/asus-vulnerability-disclosure-deja-vu Badges of Honor https://www.hackerone.com/blog/badger-badger-badger Now Hackers can earn even more on HackerOne! Introducing badges, now available on Hacker profiles in the badges sidebar. Tue, 07 Jun 2016 05:23:00 -0700 Anonymous https://hackerone.com/blog/badger-badger-badger 30 Corporations Commit To Working With Hackers https://www.hackerone.com/blog/30-corporations-commit-to-working-with-hackers Organizations that sign up for HackerOne all agree to our Disclosure Guidelines. This means that the Hacker community is protected against legal prosecution if they follow the guidelines. We wrote these Disclosure Guidelines when we started HackerOne because we believe that the hacker community should be protected when they have good intentions. These guidelines are designed to enable Hackers to proactively look for security bugs in our customers’ systems. Thu, 02 Jun 2016 15:41:00 -0700 Anonymous https://hackerone.com/blog/30-corporations-commit-to-working-with-hackers Announcing the HackerOne API https://www.hackerone.com/blog/launching-the-hackerone-api The first version of our API is now available! The API augments the HackerOne interface to empower you to build the best bug bounty programs. Wed, 01 Jun 2016 10:00:00 -0700 Anonymous https://hackerone.com/blog/launching-the-hackerone-api Hacker Movies We Love: Sneakers https://www.hackerone.com/blog/hacker-movies-we-love-sneakers There is nothing like revisiting a movie that was ahead of its time. Sneakers is one of these movies. Thu, 19 May 2016 09:00:00 -0700 Anonymous https://hackerone.com/blog/hacker-movies-we-love-sneakers Is Public Disclosure Right For You? 
https://www.hackerone.com/blog/public-disclosure-on-hackerone Public programs on HackerOne may publicly disclose vulnerabilities. Here’s how and why so many companies choose to add to the body of security knowledge and help enable a safer Internet. Wed, 18 May 2016 03:00:00 -0700 Anonymous https://hackerone.com/blog/public-disclosure-on-hackerone Managing Expectations with Program Metrics https://www.hackerone.com/blog/vulnerability-program-metrics To help security programs manage the expectations of participating hackers, we are rolling out a new program metrics feature, to be displayed on individual Security@ pages. Wed, 11 May 2016 02:00:00 -0700 Anonymous https://hackerone.com/blog/vulnerability-program-metrics The HackerOne Success Index - Hacker Breadth and Depth https://www.hackerone.com/blog/Hacker-Breadth-and-Depth We explore Hacker Breadth and Depth with data from over 2,500 active hackers participating in hundreds of programs. Thu, 05 May 2016 02:00:00 -0700 Anonymous https://hackerone.com/blog/Hacker-Breadth-and-Depth 5 Ways to Attract Top Hackers To Your Bug Bounty Program https://www.hackerone.com/blog/5-ways-to-attract-top-hackers Talented hackers are the key ingredient for any successful bug bounty program. Here are five ways to attract them and improve your program. Mon, 02 May 2016 11:53:00 -0700 Anonymous https://hackerone.com/blog/5-ways-to-attract-top-hackers How to Become a Successful Bug Bounty Hunter https://www.hackerone.com/blog/become-a-successful-bug-bounty-hunter Anyone with computer skills and a high degree of curiosity can become a successful finder of vulnerabilities. Here’s how I started. Thu, 21 Apr 2016 16:05:00 -0700 Anonymous https://hackerone.com/blog/become-a-successful-bug-bounty-hunter Top 5 Most Viewed Bugs of 2016 https://www.hackerone.com/blog/top-5-most-viewed-bugs-of-2016-so-far What bugs do people want to read about? These are the top 5 publicly disclosed bugs on HackerOne for 2016 to date. 
Fri, 15 Apr 2016 06:38:00 -0700 Anonymous https://hackerone.com/blog/top-5-most-viewed-bugs-of-2016-so-far 5 Things Top Bug Bounty Hunters Do Differently https://www.hackerone.com/blog/5-things-top-bug-bounty-hunters-do-differently This week, we had the pleasure of hosting 50 Belgian technology students, who were on a tour of Silicon Valley technology companies. We had the opportunity to share our experience as entrepreneurs, but mostly we discussed hacking and security because that is what we live and breathe at HackerOne. Thu, 07 Apr 2016 07:06:00 -0700 Anonymous https://hackerone.com/blog/5-things-top-bug-bounty-hunters-do-differently You Received A Vulnerability Report, Now What? 6 Steps to Resolution https://www.hackerone.com/blog/vuln-report-steps-to-resolution When you discover a vulnerability, fixing it is not just a matter of applying a quick patch to solve the immediate problem. You also need to do a root cause analysis, delving deep into the foundation of the problem. While these might sound basic, even mature companies with sophisticated security methodologies sometimes overlook these six steps. Tue, 05 Apr 2016 06:57:00 -0700 Anonymous https://hackerone.com/blog/vuln-report-steps-to-resolution Hack the Pentagon Bug Bounty Program Launches on HackerOne https://www.hackerone.com/blog/pentagon-hackerone On Thursday, March 31, 2016, the Department of Defense, arguably the world's most powerful organization, announced it will partner with HackerOne for the "Hack the Pentagon" pilot program. Thu, 31 Mar 2016 06:53:00 -0700 Anonymous https://hackerone.com/blog/pentagon-hackerone Hacker Blogs We Love Reading https://www.hackerone.com/blog/hacker-blogs-we-love-reading Hackers in our community often share overviews of their security research in their blogs, and we love checking them out. In the spirit of sharing more hacker knowledge, we've compiled a list of hacker blogs that we regularly read. 
HackerOne doesn't have any influence over the content contained in these blog posts. Tue, 29 Mar 2016 06:47:00 -0700 Anonymous https://hackerone.com/blog/hacker-blogs-we-love-reading 6 Ways to Build Great Relationships with Security Teams https://www.hackerone.com/blog/6-ways-to-build-great-relationships-with-security-teams One of the most common questions we get from hackers is "How can I get along better with bounty admins or security teams?" Here are general guidelines to help maximize your interaction with those on the other side of the security@ inbox. Thu, 24 Mar 2016 06:44:00 -0700 Anonymous https://hackerone.com/blog/6-ways-to-build-great-relationships-with-security-teams Uber Launches First of its Kind Hacker Loyalty Program with HackerOne Bonuses https://www.hackerone.com/blog/uber-launches-first-of-its-kind-hacker-loyalty-program-with-hackerone-bonuses We are excited to share that Uber is launching its public bug bounty program today on HackerOne. Additionally, Uber and HackerOne collaborated to create a new way of rewarding hackers called bonuses, which enables security teams to give additional monetary awards to hackers beyond initial bounties. The Uber loyalty program will utilize HackerOne bonuses for additional incentives in its public program. Tue, 22 Mar 2016 06:40:00 -0700 Anonymous https://hackerone.com/blog/uber-launches-first-of-its-kind-hacker-loyalty-program-with-hackerone-bonuses Environment Is Everything, and Other Tips For Your Open Source Project https://www.hackerone.com/blog/environment-is-everything-and-other-tips-for-your-open-source-project One of the most important things to be successful is creating a friendly and open environment, being responsive on issues and pull requests, and making time to manage the workload. Open source projects don't start as a community, but you can build one. 
Thu, 17 Mar 2016 17:00:00 -0700 Anonymous https://hackerone.com/blog/environment-is-everything-and-other-tips-for-your-open-source-project The Smell of Bug Bounty Dogfood in the Morning https://www.hackerone.com/blog/bug-bounty-hacker-vulnerability What happens when the very thing your company offers gets put to a surprise test? That's what happened to HackerOne last Friday when we shipped an unknown vulnerability that could have affected many of our customers. It was the ultimate dogfooding experience, and we've chosen to share our story with you here. Wed, 16 Mar 2016 06:11:00 -0700 Anonymous https://hackerone.com/blog/bug-bounty-hacker-vulnerability Improving Public Bug Bounty Programs with Signal Requirements https://www.hackerone.com/blog/signal-requirements HackerOne improves the quality of vulnerability reports received in public bug bounty programs with Signal Requirements and Rate Limiter. Signal Requirements allow a company to set the threshold for Signal that hackers must reach in order to submit reports to them. The updated Rate Limiter provides hackers the opportunity to still participate in a limited way, even if they are below the Signal requirement. Tue, 15 Mar 2016 06:08:00 -0700 Anonymous https://hackerone.com/blog/signal-requirements Fair and Transparent Hacker Invitations https://www.hackerone.com/blog/fair-and-transparent-hacker-invitations We improved the hacker invitation system for private vulnerability coordination and bug bounty programs. The new system operates more transparently and ensures that top hackers are invited to more private programs. Thu, 10 Mar 2016 05:03:00 -0800 Anonymous https://hackerone.com/blog/fair-and-transparent-hacker-invitations Useful Online Resources for New Hackers https://www.hackerone.com/blog/resources-for-new-hackers Have you thought about becoming a hacker? Getting started is easier than you think. 
We've curated some of the best resources to help you build skills, whether you're a beginner or looking to improve your hacker-craft. Tue, 08 Mar 2016 04:57:00 -0800 Anonymous https://hackerone.com/blog/resources-for-new-hackers The HackerOne Success Index - Response Efficiency https://www.hackerone.com/blog/response-efficiency A vital part of success in vulnerability coordination is quickly acknowledging, validating, and ultimately fixing submitted issues and recognizing the researcher's effort. Wed, 10 Feb 2016 04:48:00 -0800 Anonymous https://hackerone.com/blog/response-efficiency What Great Hackers Have in Common https://www.hackerone.com/blog/what-great-hackers-have-in-common Great hackers never curb their curiosity. Increased recognition of their contribution is helping more companies understand that they are a valued partner, not an adversary. Mon, 01 Feb 2016 04:44:00 -0800 Anonymous https://hackerone.com/blog/what-great-hackers-have-in-common Enterprise Security Spending on the Rise https://www.hackerone.com/blog/enterprise-security-spending-on-the-rise A recent study by 451 Research shows that security spending continues to be strong, with 44.5 percent of the 900 enterprise IT pros surveyed indicating they intend to increase their budgets during the next 90 days. Tue, 19 Jan 2016 04:42:00 -0800 Anonymous https://hackerone.com/blog/enterprise-security-spending-on-the-rise HackerOne 2015 Bounty Program Review and New $10K Minimum Bounty https://www.hackerone.com/blog/bug-bounty-review-2015 HackerOne reports results of its own bug bounty program for 2015, increases minimum bounty for severe vulnerabilities to $10K. Wed, 13 Jan 2016 04:37:00 -0800 Anonymous https://hackerone.com/blog/bug-bounty-review-2015 The HackerOne Success Index - Reward Competitiveness https://www.hackerone.com/blog/reward-competitiveness HackerOne describes the Reward Competitiveness dimension of the HackerOne Success Index. 
Wed, 06 Jan 2016 04:28:00 -0800 Anonymous https://hackerone.com/blog/reward-competitiveness Expanding Reputation: Introducing Signal and Impact https://www.hackerone.com/blog/introducing-signal-and-impact HackerOne releases new Signal and Impact metrics to better describe researcher report history. Signal is the average Reputation per report. Impact is the average Reputation per bounty. Fri, 18 Dec 2015 04:23:00 -0800 Anonymous https://hackerone.com/blog/introducing-signal-and-impact Happy Hacker Holiday Gift Guide https://www.hackerone.com/blog/happy-hacker-holiday-gift-guide Looking for the perfect holiday gift for the favorite hackers in your life? Whether their interests lie in building stuff, breaking stuff or (better yet) building cool stuff to break other stuff, the creativity of your fellow security researchers knows no bounds. Tue, 15 Dec 2015 04:18:00 -0800 Anonymous https://hackerone.com/blog/happy-hacker-holiday-gift-guide What Are Security Fails Really Costing Us? https://www.hackerone.com/blog/what-are-security-fails-really-costing-us The good news/bad news statistics are flowing this month as a smorgasbord of new security studies and reporting paint the current state of the union. Tue, 24 Nov 2015 04:15:00 -0800 Anonymous https://hackerone.com/blog/what-are-security-fails-really-costing-us The HackerOne Success Index - Vulnerabilities Fixed https://www.hackerone.com/blog/vulnerabilities-fixed HackerOne describes the Vulnerabilities Fixed dimension of the HackerOne Success Index. Mon, 23 Nov 2015 04:09:00 -0800 Anonymous https://hackerone.com/blog/vulnerabilities-fixed Mårten Mickos: Why I Joined HackerOne as CEO https://www.hackerone.com/blog/marten-mickos-why-i-joined-hackerone-as-ceo I am joining HackerOne as its CEO because the company is on an important mission for our connected society. Our world is increasingly networked, and as a result increasingly vulnerable. 
Securing our environment is not only important to preventing cybercrime, but also to defending basic human rights and freedoms. Wed, 11 Nov 2015 04:06:00 -0800 Anonymous https://hackerone.com/blog/marten-mickos-why-i-joined-hackerone-as-ceo 9 Security Thinkers Sound Off On CISA https://www.hackerone.com/blog/9-security-thinkers-sound-off-on-cisa The recent Senate approval of the Cybersecurity Information Sharing Act (CISA) has the very industry it's supposed to help abuzz with contention. Some believe the legislation is a good first step toward improving how the public and private sector share and analyze security threat indicators, enabling both sectors to more quickly react to new cyberattack patterns. Tue, 10 Nov 2015 04:01:00 -0800 Anonymous https://hackerone.com/blog/9-security-thinkers-sound-off-on-cisa November 2015 Feature Announcements https://www.hackerone.com/blog/announcing-new-hackerone-features-november-2015 HackerOne new feature announcements November 2015 include Improved Triggers, Automated Scanner Detection, SAML Support, and new Integrations. Mon, 09 Nov 2015 03:56:00 -0800 Anonymous https://hackerone.com/blog/announcing-new-hackerone-features-november-2015 411 for Hackers: Disclosure Assistance https://www.hackerone.com/blog/vulnerability-disclosure-assistance HackerOne introduces Disclosure Assistance to help hackers reach organizations that don't have official vulnerability reporting processes. Thu, 05 Nov 2015 03:47:00 -0800 Anonymous https://hackerone.com/blog/vulnerability-disclosure-assistance Measuring Success in Vulnerability Disclosure https://www.hackerone.com/blog/success-in-vulnerability-disclosure HackerOne introduces the HackerOne Success Index, a method to measure the effectiveness of HackerOne-powered vulnerability disclosure programs. 
Wed, 04 Nov 2015 01:51:00 -0800 Anonymous https://hackerone.com/blog/success-in-vulnerability-disclosure 6 Reasons Your Security Recruiting Sucks https://www.hackerone.com/blog/6-reasons-your-security-recruiting-sucks As we discussed in our previous blog, the security skills shortage may not be quite as real as some industry reports claim it to be. But that doesn&#039;t mean it&#039;s easy to recruit and retain talented professionals into the industry. It just means many organizations are blaming market dynamics for their own shortcomings. Tue, 27 Oct 2015 02:45:00 -0700 Anonymous https://hackerone.com/blog/6-reasons-your-security-recruiting-sucks Is There Really a Cybersecurity Skills Gap? https://www.hackerone.com/blog/is-there-really-a-cybersecurity-skills-gap Is there actually a &#039;brain drain&#039; or talent shortage in cybersecurity, or are there more fundamental problems in the industry? I posed these questions to a number of friends in the industry and the perspectives ran the gamut. Thu, 08 Oct 2015 02:42:00 -0700 Anonymous https://hackerone.com/blog/is-there-really-a-cybersecurity-skills-gap A Maturity Model for Vulnerability Coordination https://www.hackerone.com/blog/vulnerability-coordination-maturity-model HackerOne&#039;s Katie Moussouris explains the Vulnerability Disclosure Maturity Model, a way to help organizations measure, benchmark and improve their security vulnerability handling capabilities. Tue, 22 Sep 2015 02:34:00 -0700 Anonymous https://hackerone.com/blog/vulnerability-coordination-maturity-model August 2015 Feature Announcements https://www.hackerone.com/blog/announcing-new-hackerone-features-August-2015 HackerOne new feature announcements August 2015 include Group Permissions, Researcher Messaging, and Summarized Public Reports. 
Sat, 15 Aug 2015 02:28:00 -0700 Anonymous https://hackerone.com/blog/announcing-new-hackerone-features-August-2015 Security Leads Share Bug Bounty Program Tips https://www.hackerone.com/blog/bug-bounty-program-panel-tips HackerOne hosted a security panel, lead by Magoo, on bug bounty programs and we want to share some key takeaways with you. Fri, 31 Jul 2015 02:25:00 -0700 Anonymous https://hackerone.com/blog/bug-bounty-program-panel-tips 6 Tools Slated To Come Out Of Black Hat https://www.hackerone.com/blog/black-hat-2015-preview-6-tools-coming-out In anticipation of the show, here at Within Security we&#039;ve scoped out some of the top tools slated for release by researchers scheduled to talk at Mandalay. Fri, 31 Jul 2015 02:21:00 -0700 Anonymous https://hackerone.com/blog/black-hat-2015-preview-6-tools-coming-out Improving Signal Over 10,000 Bugs https://www.hackerone.com/blog/improving-signal-over-10000-bugs HackerOne reached the milestone of 10,000 bugs fixed on the platform, and we want to take this opportunity to share some interesting data behind how we have tackled the challenge of improving signal on the platform. Mon, 06 Jul 2015 02:12:00 -0700 Anonymous https://hackerone.com/blog/improving-signal-over-10000-bugs Building Security Programs for Tomorrow - HackerOne Announces $25M Series B https://www.hackerone.com/blog/building-security-programs-for-tomorrow We&#039;re excited to announce a $25 million Series B round of financing led by New Enterprise Associates (NEA) and several prominent angel investors, along with participation from existing investor, Benchmark. Wed, 24 Jun 2015 02:08:00 -0700 Anonymous https://hackerone.com/blog/building-security-programs-for-tomorrow Where's that Security@? https://www.hackerone.com/blog/wheres-that-security-at HackerOne is launching the Directory: a community-curated resource for identifying the best way to contact an organization&#039;s security team. 
Thu, 04 Jun 2015 02:00:00 -0700 Anonymous https://hackerone.com/blog/wheres-that-security-at Legally Blind and Deaf - How Computer Crime Laws Silence Helpful Hackers https://www.hackerone.com/blog/legally-blind-and-deaf A world wide war is being waged in which the most able-bodied soldiers are being discouraged from enlisting. It is an information security war, and hackers are the troops and the weapon designers that have the skills to shape our collective future, for good or for ill. Wed, 20 May 2015 08:04:00 -0700 Anonymous https://hackerone.com/blog/legally-blind-and-deaf Meet The Newest Member of the HackerOne Team: Stepto, Director of Hacker Success https://www.hackerone.com/blog/meet-stepto-hacker-success At HackerOne we believe in the power of the research community as an effective way to harden any attack surface. Encouraging, promoting and protecting security research has been integral to our mission since day one. As a key next step in fulfilling this commitment, we are thrilled to announce that Stepto has joined the HackerOne team as the Director of Hacker Success. Wed, 15 Apr 2015 06:33:00 -0700 Anonymous https://hackerone.com/blog/meet-stepto-hacker-success The Wolves of Vuln Street - The First System Dynamics Model of the 0day Market https://www.hackerone.com/blog/the-wolves-of-vuln-street HackerOne has been working with economics and policy researchers from MIT and Harvard to study the economic forces behind the 0day market. Here&#039;s what they found. Tue, 14 Apr 2015 06:41:00 -0700 Anonymous https://hackerone.com/blog/the-wolves-of-vuln-street What's in a Name? https://www.hackerone.com/blog/whats-in-a-name While there are many interpretations of the word &quot;hacker,&quot; we choose to pay homage to the original MIT hackers by using the term in our company name. 
We favor their early definition of a hacker: &quot;one who enjoys the intellectual challenge of creatively overcoming limitations.&quot; Thu, 26 Feb 2015 05:22:00 -0800 Anonymous https://hackerone.com/blog/whats-in-a-name Proposed Changes to the Computer Fraud and Abuse Act, Austin Powers, and You https://www.hackerone.com/blog/proposed-changes-to-the-cfaa Many security professionals, hackers, lawyers, law enforcement, and members of the media are keenly interested in the White House&#039;s proposed changes to laws affecting Internet security. Among the proposed amendments to the Computer Fraud and Abuse Act (CFAA), some of the proposed changes that represent the biggest concerns center around expanded language that pose an increased risk to performing many vulnerability research and security testing activities, and even reporting on breaches. Fri, 16 Jan 2015 05:17:00 -0800 Anonymous https://hackerone.com/blog/proposed-changes-to-the-cfaa The Tale of the Privacy Pink Panther https://www.hackerone.com/blog/pink-panther Last Friday, on my way home from 31c3, a funny thing happened on my way through Charles de Gaulle airport in Paris: I was required by a security agent to not only power up, but also type in my password to unlock my laptop in order to board my flight. Mon, 05 Jan 2015 05:08:00 -0800 Anonymous https://hackerone.com/blog/pink-panther Jingle Bugs - How to Rock in a Hard Place https://www.hackerone.com/blog/jingle-bugs With the end of 2014 dashing to a close and 2015 just over the hill, let&#039;s take a moment to look at the ghosts of bugs and breaches past. Vulnerability coordination, disclosure, and incident response have never been more important to get right. What could happen if we make adjustments in the way we approach security and how could that impact the bugs that will inevitably be delivered to both the naughty and nice in the future? 
Fri, 26 Dec 2014 04:57:00 -0800 Anonymous https://hackerone.com/blog/jingle-bugs Introducing Reputation https://www.hackerone.com/blog/introducing-reputation One of the primary challenges when running a vulnerability coordination program is distinguishing the signal from the noise. Today, we&#039;re introducing a new reputation system to make running a program even easier. Tue, 28 Oct 2014 05:39:00 -0700 Anonymous https://hackerone.com/blog/introducing-reputation New Security Inbox & Dashboard https://www.hackerone.com/blog/new-inbox-dashboard At HackerOne, we&#039;re on a mission to empower the world to build a safer internet. Better security begins with a quality vulnerability coordination process, and our free platform enables your team to seamlessly manage the entire workflow. Think of it as a replacement for your old shared security inbox. Thu, 28 Aug 2014 05:26:00 -0700 Anonymous https://hackerone.com/blog/new-inbox-dashboard Better, Stronger, Safer https://www.hackerone.com/blog/better-stronger-safer For the past year, we&#039;ve been busy pursuing our passions and building HackerOne. We&#039;re excited to share a little more what we&#039;ve been up to, what&#039;s next, and how we hope you can be a part of our mission. Tue, 27 May 2014 17:00:00 -0700 Anonymous https://hackerone.com/blog/better-stronger-safer