HackerOne Blog

The latest from HackerOne

When Discovery Is Cheap, Validation Is Priceless for Reducing Risk

March 26, 2026

AI is making vulnerability discovery cheap. CTEM only reduces risk when teams validate exploitability, remediate, and retest to prove fixes hold.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Government agency implementing Zero Trust with a VDP

Security Compliance

Public Policy

How VDP Aligns With Zero Trust

November 20, 2023

A core component of Zero Trust is enabling external testers to validate the continuous security of external-facing assets, like through a VDP.

Security Compliance

Public Policy

Fortifying Assets for SEC Compliance with HackerOne

November 16, 2023

After the SEC's recent charges against SolarWinds, publicly traded companies need robust cybersecurity risk management.

Meet the Talent Strategy Team

November 15, 2023

Our understanding of leadership and employee needs and the ability to build learning and development...

A security team prioritizing vulnerability management

Exposure Management

Vulnerability Prioritization: Severity Does Not Mean Priority

November 14, 2023

A data-informed prioritization strategy is integral to ensuring remediation efforts are practical — and severity does not always mean priority.

Security Compliance

Public Policy

2024 Budget Planning: Preparing For U.S. Mandates to Implement Vulnerability Disclosure Policies (VDPs)

November 9, 2023

U.S. policymakers are increasingly encouraging and mandating public and private sector organizations to enhance their cybersecurity programs by adopting VDPs. Have you planned for a VDP in next year’s budget?

Offensive Security

What Is the Difference Between Pentesting and Bug Bounty?

November 8, 2023

Do pentesting and bug bounties serve the same purpose or complement each other? Let’s explore the four different approaches to pentests and the key differences between bug bounty and pentesting.

Exposure Management

5 Common Mistakes When Running a Bug Bounty Program

October 31, 2023

Why do organizations experience challenges when running bug bounty programs?

Crowdsourced Security

Salesforce Teams Up With All-Star Hackers at H1-4420

October 30, 2023

Salesforce and HackerOne joined 45 of the world’s best ethical hackers in London for a live hacking event.

HackerOne using GenAI for vulnerability detection and remediation

Responsible AI at HackerOne

October 25, 2023

At HackerOne, we are combining human intelligence with artificial intelligence at scale to improve the efficiency of people and unlock entirely new capabilities.