HackerOne Blog

The latest from HackerOne

Finding Fast, Fixing Slow: The Rising Exposure Debt

May 6, 2026

Vulnerability submissions are up 76%. Unresolved criticals grew 25x. HackerOne platform data reveals a widening remediation gap that security teams can't afford to ignore.

Read Now

All

CTEM

Cloud Security

Code Security

Crowdsourced Security

Culture & Talent

Defense in Depth

From the CEO

HackerOne News

Offensive Security

Public Policy

Return on Mitigation

Security Compliance

Security Research

Exposure Management

Code Security

3 Lessons Learned from My First Week of Code Review

January 6, 2020

Photo by Jefferson Santos on Unsplash on Unsplash This is the first in a series...

This Season, Give the Gift of Data-Driven Insight

December 13, 2019

It’s that time of the year again. Time to dig out your wrinkled “No, I...

Using Bug Bounty Talent Pools to Attract and Maintain Top Talent

December 10, 2019

Security leaders today face a complex set of talent challenges—from training on the latest attack...

Transparency Builds Trust

December 6, 2019

Someone called it a “breach,” and the world took notice. Here is the story. There...

Code Security

3 Ways That Remote Teams Make Code Review Work Across Multiple Timezones

November 27, 2019

Photo by Brooke Cagle on Unsplash “A code review is a synchronization point among different...

How Bug Bounties Help You Shift Left

November 26, 2019

For many organizations, the days when security acted as a final “check-in” are disappearing faster...

HackerOne is a 2019 Cyber Catalyst Designated Cybersecurity Solution

November 21, 2019

HackerOne has been chosen as a 2019 Cyber Catalyst SM designated cybersecurity solution. HackerOne Bounty...

8 High-impact Bugs and How HackerOne Customers Avoided a Breach: SQL Injection

November 20, 2019

This blog series counts down 8 high-impact vulnerability types, along with examples of how HackerOne...

How the Risk-Averse DoD Learned to Stop Worrying and Love the Hackers

November 19, 2019

There are few, if any, organizations more risk-averse than the U.S. Department of Defense. But...