The Early Days
In 1995, Netscape launched the first bug bounty program to uncover vulnerabilities in its Netscape Navigator 2.0. A company VP explained: “By rewarding users for quickly identifying and reporting bugs back to us, this program will encourage an extensive, open review of Netscape Navigator 2.0.”
Another Browser Bug Bounty
Almost a decade later, Mozilla followed in Netscape’s footsteps by launching its Firefox bug bounty program, which offered a $500 reward for verified vulnerabilities. The program was later expanded to include most of the company’s products.
Tech Giants Take the Lead
After another significant time gap, several technology pioneers, including Google and Facebook, launched their own bug bounty programs. These programs were managed internally and many are still running to this day, having paid out millions of dollars in bounties.
Launch of HackerOne
In 2012, Jobert Abma and Michiel Prins founded HackerOne. It quickly grew to become the most successful crowd-powered security platform. Since 2012, over 1,800 organizations have partnered with HackerOne to uncover 180,000+ verified vulnerabilities.
A Surge in Silicon Valley
Hacker-powered security gained huge traction with software and digital service providers. Companies like Slack, Uber, Twitter, and Dropbox saw the HackerOne community as an opportunity to add huge value to their security programs — and never looked back.
Other Industries Take Note
Hacker-powered security began to gain traction with other industries. First movers were mainly in industries that rely on technology, including e-commerce and financial services. Soon, more conservative industries took notice. The launch of General Motors' bug bounty program on the HackerOne platform in 2016 marked the start of widespread use of hacker-powered security.
DoD Legitimizes Hacker-Powered Security
In April 2016, the U.S. Department of Defense partnered with HackerOne to launch its ground-breaking Hack the Pentagon program. Over the course of a few weeks, hackers uncovered 138 legitimate vulnerabilities, earning $75,000 in bounty payments. Hack the Pentagon laid the groundwork for an enduring partnership between HackerOne and the U.S. Government.
Hacking the Most Risk-Averse Organizations
Following the DoD’s lead, several other government agencies launched bug bounty programs through HackerOne. These included the U.S. Army, Air Force, and Marine Corps. As of 2020, HackerOne became the only vendor in the industry to be FedRAMP authorized, making hacker-powered security available to all government organizations.
The Internet’s Immune System
There is no way to avoid security vulnerabilities. The only option is to find and fix vulnerabilities before they are exploited in the wild. Hacker-powered security plays the role of ‘Internet immune system’, helping organizations achieve security and compliance objectives by uncovering critical vulnerabilities quickly and painlessly.