Adobe & HackerOne
A decade of ethical hacking partnership, leveraging human-powered security to enhance digital experiences for millions of customers worldwide
A decade-long partnership
Founded 40 years ago on the simple idea of creating innovative products that change the world, Adobe offers groundbreaking technologies that empower everyone, everywhere, to imagine, create, and bring digital experiences to life. Adobe has been an active participant in the security community, engaging with partners, standards organizations, and security researchers to collectively enhance the security posture of its products and services. Adobe recognizes ethical hackers as a force multiplier in their quest to provide a safer experience for their customers. Over the past ten years, Adobe has partnered with HackerOne and ethical hackers to enhance Adobe’s security resilience.
Challenges
- Replace legacy vulnerability submission workflows to improve efficiency
- Reduce false positives
- Increase testing scope and strengthen collaboration with testers and hackers
Goals
- Scale vulnerability identification and mitigation
- Extend asset coverage
- Optimize spend for actionable results
Why HackerOne
- Global security expert network
- Integrated workflows via PSIRT
- Triage services to manage volume and prioritize real risk
How Adobe protects its innovative products
Strengthening hacker relationships
Adobe goes beyond traditional bug bounty, building community and engagement through programs like:
- Researcher Hall of Fame: Recognizes top contributors
- Ambassador World Cup (AWC): 32% high/critical report rate vs. 20% in standard bounty—fueled by motivated, global teams
- Live Hacking Events: Expanded reach to new researchers and direct connections at events like the AWC in Buenos Aires
Innovation in AI security
With a strong foundation in cybersecurity, Adobe has focused on mitigating risks associated with generative AI by fostering transparency about the capabilities and limitations of large language models (LLMs).
By engaging with ethical hackers, Adobe enhances its security measures and addresses potential AI vulnerabilities early in the development process. To that end, Adobe’s bug bounty program includes rewards for discovering vulnerabilities in Content Credentials and Adobe Firefly. Content Credentials, built on the C2PA open standard, provide tamper-evident metadata for digital content, ensuring transparency in creation and editing processes.
Adobe’s proactive approach aims to enhance AI security, foster innovation, and promote responsible AI development.
Modernizing Pentesting
Platform Integration
Direct engagement between Adobe's product team and pentesters, fostering more immediate and meaningful interactions.
Direct engagement between Adobe's product team and pentesters, fostering more immediate and meaningful interactions.
Automated Ticket Creation
Issues identified during pentests automatically generate tickets, streamlining the issue-tracking process.
Issues identified during pentests automatically generate tickets, streamlining the issue-tracking process.
Streamlined Launch
Accelerated setup and scheduling process helps with rapid deployment of pentesting services.
Accelerated setup and scheduling process helps with rapid deployment of pentesting services.
Elevated Vulnerability Discovery
Community-driven pentesting increases the discovery of unique vulnerabilities, strengthening Adobe's security defenses.
Community-driven pentesting increases the discovery of unique vulnerabilities, strengthening Adobe's security defenses.
Participating in the AWC was an incredible opportunity for Adobe to build deep relationships with the hacker community. I received great feedback about our bug bounty program and the AWC experience.
Collaboration with HackerOne, in addition to Adobe’s pentests, uncovers unique vulnerabilities while helping Adobe meet customer security expectations. We’re leveraging the HackerOne platform for reporting, ticketing automation, and taking action on further details on vulnerabilities reported.
