Steve has created a host of software programs, coined the term “spyware,” and has created a revolutionary password-less authentication protocol, SQRL.
Recently, Steve mentioned HackerOne on his weekly Security Now podcast. We’re honored to be recognized.
A Match Made in Hacker Heaven
HackerOne’s claim to fame is connecting the community of hackers with the companies who aspire to improve their application security. Steve praised us in contrast to other companies who buy exploits and then sell them to the highest bidder.
Instead, Steve is impressed with our business model. He describes HackerOne as “a matchmaker between those who put up bounties for the responsible discovery and reporting of bugs...and the hackers who enjoy finding them and reporting them and are motivated by those bounties.”
That’s an eloquent way of describing the model. But does Steve think we’re making an impact?
After navigating through our Hacktivity reports, the host of the show, Leo Laporte, commented on the overwhelming number of bug reports. Leo mentioned that “there’s a lot of bugs out there.” Steve saw the point of why we love what we do.
His response: “But many, many, many fewer because we have good guys finding them and reporting them.”
Our mission to provide a safer Internet for the world is the fight Steve Gibson has been fighting for over 30 years. It’s no wonder he sees why bug bounties are so essential to security today.
“An Essential Part of Our Security Ecosystem”
Steve acknowledged the need for companies to outsource their bug bounty program to achieve the best result.
He says, “So the beauty of this is it’s certainly possible for an organization to set up their own bug bounty program. But I can really see the advantage... [HackerOne] sort of form a central clearinghouse that makes it much easier for a company to say...we want to establish a bug bounty program. We’re simply going to register ourselves with HackerOne, let them manage it for us. Essentially outsource that whole process.”
Steve also quotes General Motors (GM) Vice President of Global Cybersecurity when he said, “Hackers have become an essential part of our security ecosystem.”
Afterward, Steve listed the Top 20 companies who’ve paid out the most in bug bounties over the past several years. Verizon tops the list, having paid over $4 million in bug bounties. Uber falls into second place, having paid $1.8 million, followed by PayPal, having paid $1.17 million.
Like GM, these companies have embraced the hacker community for the benefit of their users and employees alike.
Embraced By the Security Community
It’s humbling and extremely satisfying to hear veteran security researchers like Steve Gibson singing our praises. This podcast coverage was completely unsolicited. Steve noticed what we’re doing here at HackerOne and commented on why he thinks it’s great.
We thank Steve Gibson and the Security Now podcast for featuring us in this episode. We’ll continue our long fight to make the Internet a safer place. We’ll look for support from the security community, and influencers like Steve Gibson, to bolster and encourage us.
If you’re interested and seeing the benefits of a bug bounty for yourself, contact us today, and we’ll help you choose the best solution for your needs.