Report

The 2018 Hacker Report

The largest survey ever conducted of the ethical hacking community. See statistics and growth metrics, insights into hacker motivations and mindset, and hacker stories.

All Resources

Case Studies

Guides

Reports

Webinars

Videos

Infographics

Infographic
In the past 5 years, our community of hackers has earned more than $24 million in bounties—and they’re on track to earn $100 million by the end of 2020. But we’ve often wondered: what are they doing with all of that money?
Guide
See data from HackerOne platform and interview with CISO of the year, Leo Niemela
Report
The largest survey ever conducted of the ethical hacking community. See statistics and growth metrics, insights into hacker motivations and mindset, and hacker stories.
Case Study
Read how Yelp transitioned from a private bug bounty program to a public bug bounty program and their learnings and statistics
Case Study
More than 25% of websites are powered by WordPress. Learn about their security team's approach to bug bounties
Case Study
Get advice from Andrew Dunbar, Shopify's Director of Risk & Compliance on how they use bug bounties to secure 500,000 merchants
Case Study
Read about the strategies Riot Games employs in their successful bug bounty program which has paid out over $1M to hackers. Teaser: respect the hackers!
Case Study
Read how the security team at Mapbox have grown from a simple vulnerability disclosure policy to a robust and competitive bug bounty program. Written by Alex Ulsh from Mapbox.
Case Study
Coinbase is the most popular way to buy and sell cryptocurrencies. Read how they increased their bounties and secure their platform with HackerOne.
Case Study
HackerOne Response is helping AlienVault manage incoming reports, triage them, and automatically create tickets on their internal ticketing system. Read how.
Guide
Why thinking like a hacker is good for business
Guide
How you can protect your code, key GDPR articles you need to read, and your plan for when vulnerabilities are discovered by third parties
Guide
A flash card reference guide to the 10 most critical web security risks of 2017
Guide
Guidance on how to most effectively respond to a breach.
Guide
See a side-by-side comparison chart of traditional pen tests and hacker-powered pen tests.
Webinar
HackerOne welcomes Allen D. Householder and Art Manion, co-authors of the 121 page CERT® Guide to Coordinated Vulnerability Disclosure, for an Ask Me Anything session around their research and thoughts on vulnerability disclosure.
Guide
We distilled the 121-page CERT Guide to Coordinated Vulnerability Disclosure into a handy cliff notes version for easy reference
Guide
16 quotes from business and government leaders on why you need a vulnerability disclosure policy in place today to avoid being Equifax tomorrow
Guide
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018
Guide
See how Hacker-Powered Pen Tests deliver 10x the results at a fraction of the cost of traditional penetration tests
Infographic
Infographic showing how bug bounties are an invaluable tool for a secure SDLC.
Report
Our deep dive into vulnerabilities and programs for the financial services industry with new data and insights
Case Study
The U.S. Department of Defense (DoD), in a first for the U.S. Federal Government, invited white hat hackers to find security flaws in systems run by the Pentagon, Air Force, and Army.
Infographic
See some of the top companies running successful bug bounty programs on HackerOne.
Webinar
Watch this webinar to learn how to get around misguided thinking that leads to executive under investment in cyber security, and secure the resources you need.
Report
Specifically focused on the ecommerce and retail industry, this report covers data and insights from 800+ bug bounty programs.
Webinar
Scott Crawford, Research Director of Information Security at 451 Research, shares: Why having a Vulnerability Disclosure Policy is now “table stakes” and how bug bounties fit into the secure software development lifecycle
Guide
Download Vulnerability Disclosure Policy (VDP) Basics -- A complete guide for crafting an effective Vulnerability Disclosure Policy.
Infographic
A vulnerability disclosure policy (VDP) gives ethical hackers clear guidelines for reporting potentially unknown and harmful security vulnerabilities.
Guide
Get the TL;DR on 451 Research’s latest “pathfinder report” advising decision-makers on the value of bug bounties and the importance of a compliant vulnerability disclosure process.
Infographic
For your quick reference, we’ve distilled the report to 5 key trends that show how white-hat hackers are shaping the world of security.
Report
All the data from the HackerOne Hacker-Powered Security Report 2017
Webinar
Megan Brown and Matt Gardner for Wiley Rein Privacy & Cybersecurity Practice team up with HackerOne's CTO and Co-Founder Alex Rice for this informative webinar on Vulnerability Disclosure Policies and Programs.
Webinar
Continuous code deployments need continuous security solutions. Traditional pentests can’t do the whole job.
Guide
451 Research explores the role of bug bounties and vulnerability disclosure in the secure SDLC
Case Study
How to ensure security of the sensitive financial data for over 10,000 small and medium businesses? Run a top-tier bug bounty program.
Webinar
GitLab’s Product Manager, Victor Wu, dives into how GitLab helps you ship secure code, the tools they use, and a few industry best practices they follow to protect data and secrets.
Webinar
Author Adam Bacchus (Google, Snapchat, HackerOne) is your guide on this bug bounty journey and here is the recording from his webinar where he goes over all the cliff notes of the manual.
Webinar
Mack Staples, Senior Manager of Zenefits' Red Team, walks through some best practices they use to enable bug bounties as a core product security strategy.
Report
A comprehensive report by HackerOne on data and insights from 800+ bug bounty programs and 50,000 resolved security vulnerabilities
Case Study
Learn how hacker-powered security illuminated their security blind spots.
Report
Who are these bug bounty hackers?
Guide
The Visual Guide for how to Plan, Launch, and Operate a Successful Bug Bounty Program
Guide
The definitive guide on how to plan, launch, and operate a successful bug bounty program.
Infographic
A study on Americans’ understanding of cybersecurity and hackers.
Case Study
LocalTapiola upped their SDLC game with bug bounties
Guide
Learn about the HackerOne Success Index - measuring bug bounty success.
Case Study
Security Education Gets Results
Case Study
PullString protects kids with top-notch ToyTalk security
Guide
Tips from launching and leading the Facebook and Uber bug bounty programs.
Case Study
How to better protect one billion users
Guide
Best ways to make a Bug Bounty Program successful
Case Study
How ownCloud increased their security with a bug bounty program
Video
HackerOne customers describe HackerOne
Video
Can your company get hacked?
Video
HackerOne Product Overview
Video
Working with Hackers can improve security
Video
Katie Moussouris describes the Vulnerability Coordination Maturity Model
Video
Forward-thinking security teams collaborate to solve problems.