What is your cybersecurity need?
Protect your evolving assets.
Scale app security across the SDLC.
Build your brand and protect your customers.
Meet compliance requirements and more.
Reshaping the way companies find and fix critical vulnerabilities before they can be exploited.
Test your organization's security preparedness with HackerOne Assessment.
Establish a compliant vulnerability assessment process.
The first step in receiving and acting on vulnerabilities discovered by third-parties.
Continuous testing to secure applications that power organizations.
Highly vetted, specialized researchers with best-in-class VPN.
Enhance your hacker-powered security program with our Advisory and Triage Services.
Home > Blog > from the ceo
Cyberattacks are the terrorism of today, hitting societies, commercial companies, and even individual citizens with data theft, money theft, ransomware, disruption of operations, public shaming, and loss of trust. The list of potential damage is long, and perpetrators are hiding in the dark web in jurisdictions outside of our control.
Last week’s U.S. Presidential Executive Order underscores the critical status of #cybersecurity in the U.S. Today, HackerOne CEO Marten Mickos shares his perspective on how private sector CEOs should take action and make security a collective internal priority for organizations.
At HackerOne we say No to racism. We are here to democratize opportunity across the world. We believe in the aspirations and possibilities of every human being. Hacker-powered security is proof that by working together across all boundaries we accomplish what otherwise would remain unachievable.
Today we celebrate with all our hackers the phenomenal milestone of a hundred million dollars in bounties. Hack for Good! Yet we should know that we are only getting going. The digital world is not safe and secure yet. Much more work awaits us. We have one hundred million more bugs to find.
We start the new year of 2020 with great prospects. First of all, 2019 turned out to be a massive success for hacker-powered security. HackerOne paid out over $35,000,000 in bounties to hackers all over the world. These bounties are the thank-yous from nearly two thousand companies and government agencies for tens of thousands of valid vulnerability reports voluntarily submitted by willing and able security experts. There may be no more effective way of reducing cyber risk than coordinated vulnerability disclosure and bug bounties.
Our civilization is going digital. That’s fantastic. Unfortunately, our software is not secure enough to carry a digital and connected civilization. When systems get breached, people can’t trust the digital world. In a way, we try to do too much. Our innovation is outpacing security and privacy. Something must be done. This is the HackerOne commitment: As long as our digital world is plagued by vulnerabilities, we will continue to hack for the good of our connected society.
With enough hackers, all security vulnerabilities are shallow. There is no better way to know the security of your systems than inviting a diverse community to report your weaknesses. On behalf of grateful customers, we have awarded over $42M in rewards to the do-gooders — the hackers. We will end 2018 with a business that has grown 10X in just 3 years.
Today we celebrate cyber defense. The U.S. Department of Defense’s Defense Digital Service (DDS) announced expansion of the Hack the Pentagon crowdsourced security program and partnership with HackerOne. HackerOne is one of three vendors to be awarded a contract as part of the Hack the Pentagon expansion to run private assessments against sensitive, internal systems.
We are seeing tremendous growth at HackerOne. Bug bounty programs, vulnerability disclosure policies, and crowdsourced pentests are needed by anyone entrusted with protecting customer data. To serve our rapidly expanding customer base, we have tripled our headcount in the past 12 months and opened new offices in New York, Washington D.C. and Singapore, in addition to our San Francisco, London and Netherlands offices.
The best way to prevent getting hacked is to try to get hacked. Paradoxical as this may sound, evidence shows it is true. The worst data breaches the world has seen were with companies that did not invite external security researchers to report their findings. But by hunting for their security vulnerabilities, organizations can ensure the weak points are found and fixed before they are identified by criminals. Open sourcing security is the way.