HackerOne CEO Marten Mickos On Bug Bounty Programs
David Brisson of Tripwire recently published a list of the 10 essential bug bounty programs of 2017. Half of the companies included on that list manage their vulnerability disclosure programs through HackerOne.
Taking note of this, David sat down with HackerOne CEO, Mårten Mickos, to discuss trends in the security industry, thoughts on bug bounty programs, and why companies turn to HackerOne.
We’ve pulled some of our favorite quotes from the conversation.
On what brought Mårten to HackerOne
“HackerOne has a powerful value proposition where you pay for results, not for products that may or may not solve your problem… this model provides a way for security experts all over the world to come together and do good.”
On why customers choose HackerOne
“We have the largest marketplace for hacker-powered security and attract the best hackers. We already have over 140,000 hackers signed up on the platform. No single customer needs that many hackers in their program, but thanks to this vast community, we can identify the ones that are best for each customer – whether they need 5, 50, 500 or 5000 hackers.”
Advice for companies looking to maximize bug bounty program success
“Do not start with a bug bounty program. Start with a vulnerability disclosure program (where you receive vulnerability submissions but you don’t reward them financially). Or start with a crowdsourced pentest. These two forms of hacker-powered security will allow you to get going without getting overwhelmed. Every organization needs to grow into the use of hacker-powered security. We have made sure that you can approach it one step at a time.”
Read the full interview: On Bug Bounty Programs: An Interview with HackerOne’s CEO on Tripwire.