HackerOne Blog

Crowdsourced Security

What Are Bug Bounties and How Do They Work?

December 4, 2025

Bug bounties give security researchers a structured way to report vulnerabilities. This guide explains how bug bounty programs work and why organizations use them.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Crowdsourced Security

Bug Bounty

Introducing the HackerOne Bug Bounty Maturity Framework: A Guide to Operational Excellence

March 16, 2026

The HackerOne Bug Bounty Maturity Framework defines Baseline, Competitive, and Exemplary practices so teams can improve bug bounty operations, reduce friction, and drive stronger risk reduction.

Exposure Management

Crowdsourced Security

Bug Bounty

Hai

Closing the Exposure Gap: What pixiv Learned About Continuous Security Testing

March 10, 2026

pixiv moved beyond periodic assessments to continuous security testing, proving real exploitable risk, reducing noise, and accelerating remediation with high-signal findings.

Crowdsourced Security

Bug Bounty

How Santa Clara University Scales Security With a Small Team and Big Community

February 3, 2026

Santa Clara University scaled security with a student-driven bug bounty program and HackerOne support, improving visibility across campus systems.

Crowdsourced Security

Offensive Security

Bug Bounty

What Are Bug Bounties and How Do They Work?

December 4, 2025

Bug bounties give security researchers a structured way to report vulnerabilities. This guide explains how bug bounty programs work and why organizations use them.