History of Hacker-Powered Security - 1995

The Early Days

In 1995, Netscape launched the first bug bounty program to uncover vulnerabilities in its Netscape Navigator 2.0. A company VP explained: “By rewarding users for quickly identifying and reporting bugs back to us, this program will encourage an extensive, open review of Netscape Navigator 2.0”


History of Hacker-Powered Security - 2004

Another Browser Bug Bounty

Almost a decade later, Mozilla followed in Netscape’s footsteps by launching its Firefox bug bounty program, which offered a $500 reward for verified vulnerabilities. The program was later expanded to include most of the company’s products.


History of Hacker-Powered Security - 2010

Tech Giants Take the Lead

After another significant time gap, several technology pioneers, including Google and Facebook, launched their own bug bounty programs. These programs were managed internally and many are still running to this day, having paid out millions of dollars in bounties.


History of Hacker-Powered Security - 2012

Launch of HackerOne

In 2012, Jobert Abma and Michiel Prins founded HackerOne. It quickly grew to become the most successful crowd-powered security platform. Since 2012, over 1,800 organizations have partnered with HackerOne to uncover 180,000+ verified vulnerabilities.


History of Hacker-Powered Security - 2013

A Surge in Silicon Valley

Hacker-powered security gained huge traction with software and digital service providers. Companies like Slack, Uber, Twitter, and Dropbox saw the HackerOne community as an opportunity to add huge value to their security programs — and never looked back.


History of Hacker-Powered Security - 2015

Other Industries Take Note

Hacker-powered security began to gain traction with other industries. First-movers were mainly in industries that rely on technology, including e-commerce and financial services. Soon, more conservative industries took notice. The launch of General Motors bug bounty program on the HackerOne platform in 2016 marked the start of widespread use of hacker-powered security.


History of Hacker-Powered Security - 2016

DOD Legitimizes Hacker-Powered Security

In April 2016, the U.S. Department of Defense partnered with HackerOne to launch its ground-breaking Hack the Pentagon program. Over the course of a few weeks, hackers uncovered 138 legitimate vulnerabilities, earning $75,000 in bounty payments. Hack the Pentagon laid the groundwork for an enduring partnership between HackerOne and the U.S. Government.

Read More


History of Hacker-Powered Security - 2017

Hacking the Most Risk-Averse Organizations

Following the DoD’s lead, several other government agencies launched bug bounty programs through HackerOne. These included the U.S. Army, Air Force, and Marine Corps. As of 2020, HackerOne became the only vendor in the industry to be FedRAMP authorized, making hacker-powered security available to all government organizations.

The Internet’s Immune System

There is no way to avoid security vulnerabilities. The only option is to find and fix vulnerabilities before they are exploited in the wild. Hacker-powered security plays the role of ‘Internet immune system’, helping organizations achieve security and compliance objectives by uncovering critical vulnerabilities quickly and painlessly.

In Their Words

More Resources