HackerOne Blog

The latest from HackerOne

A Call for a New Cybersecurity Measurement Standard

February 26th, 2025

Cybersecurity initiatives provide financial value to organizations. Still, translating the benefits of cybersecurity into dollars and cents has long been a challenge for security teams.

Read Now

All

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours

June 16th, 2022

When PullRequest was acquired, these concerns became HackerOne’s challenges. When we finalized the acquisition, we...

Live Hacking Event Invitations - 2022 Guide

June 14th, 2022

Hello Hackers, Live Hacking Events are an experience like no other: hackers collaborate and connect...

Exposure Management

CISOs: Do You Know the Security Risks of Your Organization's Next M&A?

June 14th, 2022

First, I will discuss the inherent risks associated with M&As as attack surfaces grow. A...

H1 Community Team: Your Hacker Allies

June 13th, 2022

Jessica Sexton, Director of Community ( Twitter/ LinkedIn) "I am excited to build a team...

Community at HackerOne: What's to Come

June 13th, 2022

From Jessica Sexton - Director of Community, Three years ago, I found my home at...

The Top 5 Most Common Security Issues I Discover When Reviewing Code

June 10th, 2022

NOTE: The following code examples have been contrived to provide detailed, illustrative representations of real...

Exposure Management

How to Catch Injection Security Vulnerabilities in Code Review

June 9th, 2022

Understanding Injection Vulnerabilities Injection vulnerabilities exist when information provided by users of the application is...

What is Confluence CVE-2022-26134 and How Do I Fix It

Severe Confluence Vulnerability is an Active Threat (CVE-2022-26134)

June 6th, 2022

Background The vulnerability allows unauthenticated remote code execution (RCE). Exploitation occurs by sending an HTTP...

Protect Critical Infrastructure from Threats

Exposure Management

How Critical Infrastructure Can be Protected from Threats

June 2nd, 2022

Accessing a major critical infrastructure network is very appealing to cybercriminals, as they can maximize...