hacker-report-2019-featured-image
Report

The 2019 Hacker Report

The 2019 Hacker Report brings the HackerOne community to life with statistics, interviews, insights, and more from over 300,000 individuals working to make the internet a safer place.

Download
hacker-report-2019-featured-image
Filter:

All Resources

Case Studies

Guides

Reports

Webinars

Videos

Infographics

Video

AWS and HackerOne: From Villains to Heroes: The Hacking Evolution

Case Study

Why About You Uses Hacker-powered Security To Put More Eyes On Their Fashionable Technology

Webinar

Exploring the Top 15 Most Common Vulnerabilities with HackerOne, GitHub, and Threatpost

In this webinar, HackerOne co-founder Michiel Prins will cover the top 15 vulnerabilities types of the 100,000+ valid vulnerabilities reported across the HackerOne platform.
Webinar

Avoid the Breach with Effective Application Security Testing

Webinar

Webinar Series: Hackers Aren't Criminals

Learn how collaborating with ethical hackers minimizes cyber risk and the policies that promote a "neighborhood watch” driven approach to security.
Report

The 2019 Hacker Report

The 2019 Hacker Report brings the HackerOne community to life with statistics, interviews, insights, and more from over 300,000 individuals working to make the internet a safer place.
Webinar

Webinar Series: Meeting Compliance Needs While Managing Risk Effectively

Learn how you can work with your QSA and auditors to meet your compliance needs.
Guide

Get Better Results—and a Higher ROI—with Hacker-Powered Pen Tests

Every security-aware organization uses penetration tests to simulate attacks, close security gaps, and fulfill compliance requirements.
Webinar

Webinar Series: The Best, Crawl, Run Approach to Bug Bounties

Learn how you can implement hacker-powered security strategically with your security needs and maturity in mind.
Webinar

Webinar Series: Hacker Education, Motivations, and Insights

Learn how you can work with a community of ethical security researchers to discover critical vulnerabilities, have meaningful interactions, and improve your security posture. #TogetherWeHitHarder
Video

The Cyber Security Survival Guide for Startups

When running a startup, it is vital to know and identify the possible threats the cyber space holds in it. CEO at HackerOne Mårten Mickos, Jesse Kinser, the Director of Product Security at LifeOmic and Frans Rosén, Security Advisor at Detectify will let you in their mindset of operating a hack-free startup.
Guide

Next-Gen Application Security. Launch effective agile security for agile development.

Improve your application security by following these words of advice on how to incorporate bug bounties and crowdsourced pen tests into your DevOps pipeline
Guide

Crowdsourced Penetration Testing - What It Is and Best Practice Guide

Webinar

How GitLab and HackerOne are accelerating innovation without compromising security or quality

Guide

MSPs Under Attack from Cybercriminals: 4 Steps to Take

Read this new ebook to learn 4 steps MSPs can take today in response to this government alert.
Guide

Vulnerability Disclosure Policy: What is it. Why you need one. How to get started.

Guide

The Beginners' Guide to Hacker-Powered Security

In this exhaustive guide, you’ll learn: How you can easily and quickly add hacker-powered security in a step-by-step process...
Webinar

Bug Bounty Programs: Lessons learned from implementation in the financial services industry

Join financial services veteran, Jason Pubal, for this informative webinar on bug bounty implementation for financial services firms. Jason will review how in an agile and devops world, bug bounty programs help align information security with the new pace of product development and enhance a penetration testing program to be more focused and valuable. 
Report

The HackerOne Community Difference: How to work with hackers

Get to know the HackerOne community of hackers and see details of the HackerOne platform and approach.
Guide

Hacker-Powered Security For Startups

Hacker-powered security checks off each of those boxes for growth-stage startups. It’s a cost-effective means for reducing risk and improving security, while also enabling engineering scalability and efficiency.
Guide

7 Common Security Pitfalls to Avoid When Migrating to the Cloud

No one migrates to the cloud to become less secure than before the migration. Read on to learn how to prevent such a security regression when migrating to the cloud.
Report

The Hacker-Powered Security Report - Financial Services & Insurance Edition

Vulnerability data and hacker-powered security adoption metrics for the financial services industry
Guide

What is a Vulnerability Disclosure Policy And Why You Need One

VDPs protect companies and hackers. That’s why the U.S. Department of Justice, the European Commission, and the U.S. Food & Drug Administration recommend them.
Guide

Software Vulnerability Disclosure in Europe

Summary and Key Highlights of the European Parliament CEPS Task Force Report
Case Study

SumoLogic and Hacker-Powered Pen Tests for Security and Compliance

When customers trust you to store and manage their data in the cloud, and regulatory agencies are watching, you need more than just the traditional approach to security.
Case Study

Zomato Customer Story

Connecting eaters with restaurants is Zomato’s main business, so they took a hospitable approach to hackers, driving engagement and quality submissions vital to the security of Zomato’s customers and core business applications.
Webinar

The Hacker-Powered Security Report 2018 Key Findings Highlighted

Fireside Chat between Marten Mickos - HackerOne CEO and Luke Tucker, Director Content & Community, HackerOne
Case Study

WHY NEXTCLOUD PUTS HACKER-POWERED SECURITY FRONT AND CENTER

Read how Nextcloud uses HackerOne to expand their security efforts while maintaining a tight budget and keeping up with speedy competitors
Case Study

How Salesforce Uses Bug Bounties to Protect Their Customers' Data

Over the past 3 years, Salesforce has worked with HackerOne to accept thousands of bug reports and award bounties to more than 1,200 hackers. The results are nothing short of a resounding success.
Report

How HackerOne Secures Blockchain and Cryptocurrency

More than 40 of the top blockchain and cryptocurrency companies trust HackerOne and our community of white-hat hackers to strengthen their security and protect their users.
Webinar

Hacker-Powered Pen Tests : the modern alternative to traditional Pen Tests

Report

The Hacker-Powered Security Report 2018

The study on the hacker-powered security ecosystem
Guide

Vulnerability Disclosure Policy Basics for The Financial Services Industry: 5 Critical Components Every Policy Needs

Read the e-book to get all the details you need to implement a complete and compliant policy. 
Infographic

HackerOne Challenge Customer Testimonials

HackerOne Challenge customers—from the U.S. Department of Defense and the U.S. Air Force, to GitHub to Airbnb—and 100’s more customers are embracing the hacker-powered approach to increase the value they receive from point-in-time security tests. Here’s what they had to say in their own words.
Video

Reina Staley: How and Why the US Department of Defense works with white hat hackers

Reina is with the Defense Digital Service, as part of the larger US Digital Service; those responsible for Hack the Pentagon.
Guide

Start with Security Best Practices Guide

What the Federal Trade Commission learned from more than 50 law enforcement actions related to data security
Guide

Get more from your pentest budget

Don’t just check the box on your annual pen test regimen but get useful results to improve your overall security.
Video

HackerOne Customer Story- Chris Nims - CISO Oath

Report

How the Automotive Industry is Working with Hackers to Improve Security

General Motors, Toyota, Auto-ISAC, and others are setting the cybersecurity pace for the entire automotive industry to follow.
Guide

Lessons from Equifax: When Every CISO’s Worst Case Scenario Becomes Your New Reality

What's it like testifying in front of congress after a massive breach?
Video

HackerOne CEO Marten Mickos on NBC: Would you hack the Department of Homeland Security?

HackerOne CEO Marten Mickos joins NBC anchor and reporter Scott McGrew, Gizmodo's Kate Conger, and Reuters' Heather Somerville to discuss bug bounties and the latest Hack the Department of Homeland Security Bill (HR 1281)
Case Study

How GM works with hackers to enhance their security

Read about GM’s success of working with HackerOne and the white hat hacker community
Guide

CISO's Guide to GDPR - Q&A with Thomas Fischer

CISO's look to Thomas for getting their GDPR questions answered. Read the full interview with Thomas as he addresses some key concerns on this hot topic
Case Study

Qualcomm Embraces Hacker-Powered Security

Qualcomm's Alex Gantman shares advice and best practices on working with security researchers and running a bug bounty program
Case Study

The Shopify Hacker-Powered Security Story

Shopify uses bug bounties to safeguard their merchants and turn the tables on vulnerabilities...and criminals.
Report

US Senate Subcomittee on Data Security and Bug Bounties

Read HackerOne Co-Founder and CTO Alex Rice’s summary of the hearing testimony, a full transcript of the hearing testimony of HackerOne CEO, Mårten Mickos, and also included are responses to follow up questions from U.S. Senator Jerry Moran of Kansas.
Webinar

The Data Protection Officer (DPO): Everything You Need to Know

Privacy expert and DPO consultant Debra Farber presents on the GDPR requirements for the Data Protection Officer
Guide

Hacker Vetting: Trusted Security Talent for the Enterprise

HackerOne provides several layers of control for selecting, inviting, and approving hackers based on their Reputation metrics, past program participation, specific skills, and more. Read how it works.
Case Study

Distributed Defense: How Government Agencies Deploy Hacker-Powered Security

Government agencies such as the US DoD, EU Commission, Singapore MINDEF and others, trust HackerOne to manage their hacker-powered security programs. Read their success stories.
Infographic

OWASP Top 10 Web Security Risks of 2017

Flashcards formatted for easy printing and sharing
Infographic

How Hackers Spend Their Bounties

In the past 5 years, our community of hackers has earned more than $24 million in bounties—and they’re on track to earn $100 million by the end of 2020. But we’ve often wondered: what are they doing with all of that money?
Guide

What percentage of your vulnerabilities have GDPR implications?

See data from HackerOne platform and interview with CISO of the year, Leo Niemela
Report

The 2018 Hacker Report

The largest survey ever conducted of the ethical hacking community. See statistics and growth metrics, insights into hacker motivations and mindset, and hacker stories.
Case Study

Yelp analyzes the first 100 days of their public bug bounty program

Read how Yelp transitioned from a private bug bounty program to a public bug bounty program and their learnings and statistics
Case Study

WordPress Security Team Lead on their public bug bounty program launch

More than 25% of websites are powered by WordPress. Learn about their security team's approach to bug bounties
Case Study

Why Riot Games pays hackers to break them

Read about the strategies Riot Games employs in their successful bug bounty program which has paid out over $1M to hackers. Teaser: respect the hackers!
Case Study

Mapbox's journey to a public bug bounty program

Read how the security team at Mapbox have grown from a simple vulnerability disclosure policy to a robust and competitive bug bounty program. Written by Alex Ulsh from Mapbox.
Case Study

Coinbase finds security and success with bug bounties

Coinbase is the most popular way to buy and sell cryptocurrencies. Read how they increased their bounties and secure their platform with HackerOne.
Case Study

Alien Vault streamlines their vulnerability disclosure with HackerOne Response

HackerOne Response is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system. Read how.
Guide

Train Your Employees to Think Like Hackers

Why thinking like a hacker is good for business
Guide

Shift security to the left for effective GDPR compliance... and better code

How you can protect your code, key GDPR articles you need to read, and your plan for when vulnerabilities are discovered by third parties
Guide

OWASP Top 10 2017 Flash Cards

A flash card reference guide to the 10 most critical web security risks of 2017
Guide

Breach Basics: Preparation for the Inevitable

Guidance on how to most effectively respond to a breach.
Guide

Traditional Pen Testing versus Hacker-Powered Pen Testing

See a side-by-side comparison chart of traditional pen tests and hacker-powered pen tests.
Webinar

Learn Coordinated Vulnerability Disclosure Basics From The Experts

HackerOne welcomes Allen D. Householder and Art Manion, co-authors of the 121 page CERT® Guide to Coordinated Vulnerability Disclosure, for an Ask Me Anything session around their research and thoughts on vulnerability disclosure.
Guide

Your TL;DR Summary of the CERT Guide to Coordinated Vulnerability Disclosure

We distilled the 121-page CERT Guide to Coordinated Vulnerability Disclosure into a handy cliff notes version for easy reference
Guide

Voices of Vulnerability Disclosure

16 quotes from business and government leaders on why you need a vulnerability disclosure policy in place today to avoid being Equifax tomorrow
Guide

GDPR Guide: 12 Steps to Take Now

Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018
Guide

Hacker-Powered Pen Tests and the Power of More

See how Hacker-Powered Pen Tests deliver 10x the results at a fraction of the cost of traditional penetration tests
Infographic

Where and How Bug Bounties Fit Into The SDLC

Infographic showing how bug bounties are an invaluable tool for a secure SDLC.
Report

Hacker-Powered Security Report 2017: Financial and Banking Edition

Our deep dive into vulnerabilities and programs for the financial services industry with new data and insights
Case Study

Defending the Federal Government from Cyber Attacks

The U.S. Department of Defense (DoD), in a first for the U.S. Federal Government, invited white hat hackers to find security flaws in systems run by the Pentagon, Air Force, and Army.
Webinar

Tips on Building a World Class Bug Bounty Program From Senior Red Team Expert, Mack Staples

Webinar

AMA with Authors of The CERT Guide to Coordinated Vulnerability Disclosure

Infographic

9 Top Bug Bounty Programs

See some of the top companies running successful bug bounty programs on HackerOne.
Webinar

Webinar: Why Executives Underinvest in Security

Watch this webinar to learn how to get around misguided thinking that leads to executive under investment in cyber security, and secure the resources you need.
Report

Hacker-Powered Security Report 2017: Ecommerce and Retail Edition

Specifically focused on the ecommerce and retail industry, this report covers data and insights from 800+ bug bounty programs.
Webinar

451 Research Webinar: Bug Bounties and the Path to Secure Software

Scott Crawford, Research Director of Information Security at 451 Research, shares: Why having a Vulnerability Disclosure Policy is now “table stakes” and how bug bounties fit into the secure software development lifecycle
Guide

Vulnerability Disclosure Policy (VDP) Basics

Download Vulnerability Disclosure Policy (VDP) Basics -- A complete guide for crafting an effective Vulnerability Disclosure Policy.
Infographic

5 Critical Components of a Vulnerability Disclosure Policy

A vulnerability disclosure policy (VDP) gives ethical hackers clear guidelines for reporting potentially unknown and harmful security vulnerabilities.
Video

Hack the Air Force 2.0 Live-Hacking Event brings together Airmen and Hackers

Video

Shopify's Andrew Dunbar on the Success of h1-415

Guide

7-Step Roadmap to Hacker-Powered Security Success by 451 Research

Get the TL;DR on 451 Research’s latest “pathfinder report” advising decision-makers on the value of bug bounties and the importance of a compliant vulnerability disclosure process.
Infographic

5 Hacker-Powered Trends You Need to Know About

For your quick reference, we’ve distilled the report to 5 key trends that show how white-hat hackers are shaping the world of security.
Report

Hacker Powered Security – 100 Key Facts

All the data from the HackerOne Hacker-Powered Security Report 2017
Webinar

Megan Brown and Matt Gardner for Wiley Rein Privacy & Cybersecurity Practice team up with HackerOne's CTO and Co-Founder Alex Rice for this informative webinar on Vulnerability Disclosure Policies and Programs.

Report

The Pictet Group’s Security in a Digital World - Bounties for bug hunters make the internet safer

Pictet’s Security in a digital world issue twenty-one
Guide

451 Research Pathfinder Report: Bug Bounties and the Path to Secure Software

451 Research explores the role of bug bounties and vulnerability disclosure in the secure SDLC
Case Study

Case Study: The Zenefits Bug Bounty Story

How to ensure security of the sensitive financial data for over 10,000 small and medium businesses? Run a top-tier bug bounty program.
Webinar

Hear How GitLab innovates faster without sacrificing security or quality

GitLab’s Product Manager, Victor Wu, dives into how GitLab helps you ship secure code, the tools they use, and a few industry best practices they follow to protect data and secrets.
Webinar

Hacker-powered Software Development webinar with Assembla's CTO Jacek Materna

Creating secure software at the speed of agile: Your SDLC is incomplete without Hacker-powered security with Assembla CTO, Jacek Materna.
Report

The Hacker-Powered Security Report 2017

A comprehensive report by HackerOne on data and insights from 800+ bug bounty programs and 50,000 resolved security vulnerabilities
Case Study

Bug Bounty Case Study - The GitHub Story

Learn how hacker-powered security illuminated their security blind spots.
Report

2016 Bug Bounty Hacker Report

Who are these bug bounty hackers?
Guide

Visual Guide to Bug Bounty Success

The Visual Guide for how to Plan, Launch, and Operate a Successful Bug Bounty Program
Guide

Best Bug Bounty Program Guide – Tips & Examples

The definitive guide on how to plan, launch, and operate a successful bug bounty program.
Infographic

Cyber Security & Hacking – An American Perspective

A study on Americans’ understanding of cybersecurity and hackers.
Case Study

Towards the $50,000 Bounty

LocalTapiola upped their SDLC game with bug bounties
Guide

How to Succeed with Your Bug Bounty Program

Learn about the HackerOne Success Index - measuring bug bounty success.
Guide

Bug Bounty 5 years in

Tips from launching and leading the Facebook and Uber bug bounty programs.
Guide

How to Run a Bug Bounty Program - 2016 Guide

Best ways to make a Bug Bounty Program successful
Video

Why we use HackerOne

HackerOne customers describe HackerOne
Video

Does Your CEO Know You'll Get Hacked

Can your company get hacked?
Video

HackerOne - How it Works

HackerOne Product Overview
Video

How to Team Up with Hackers

Working with Hackers can improve security
Video

Vulnerability Coordination Maturity Model

Katie Moussouris describes the Vulnerability Coordination Maturity Model
Video

The New Age of Collaboration in Software Security

Forward-thinking security teams collaborate to solve problems.

For Business

Product OverviewHackerOne ResponseHackerOne BountyHackerOne ChallengeServicesResourcesEventsMeet the HackersLive HackingBusiness Support

For Hackers

Start HackingHacker101LeaderboardHacktivityProgram DirectoryHacker SupportDisclosure GuidelinesDisclosure Assistance

Community

Community EditionInternet Bug BountyZero Daily Newsletter

Company

About UsEventsDocumentationBlogPressCareersCustomersPartnersSecurity

Contact

Contact SalesReport a BugSupport

Try HackerOne

Start a ProgramStart Hacking

Contact Us

We use cookies to collect information to help us personalise your experience and improve the functionality and performance of our site. By continuing to use our site, you consent to our use of cookies. For more information see our cookies policy.I AGREE