HackerOne Team

  • Announcing the Results of Hack U.S.

    HackerOne met with Katie Savage, Deputy Chief Digital & Artificial Intelligence Officer at DDS, and Melissa Vice, Director, DoD VDP at DC3 from the organizing teams of Hack U.S. to discuss the...

  • 5 Articles to Get You Up-to-Speed on Bug Bounty Programs

    This article shares five valuable resources about bug bounty programs, why they are useful, how to implement them, and how they can improve your organization’s security and...

  • Security Highlights: New CWE Rankings, Software Supply Chains, and Side-Channel Attacks

    MITRE Releases 2022 CWE Top 25: The popular CWE Top 25 list, which ranks the most dangerous software vulnerabilities, has been updated for 2022. The CWE Top 25 is updated annually by The MITRE...

  • 5 Security Stages of the DevSecOps Pipeline

    5 Security Stages In-Depth: A typical DevOps pipeline contains eight stages. The DevSecOps pipeline retains all of these and adds five more that are specific to security: 1. Threat...

  • DevSecOps vs DevOps: What is the Difference?

    In this article, we’ll explain what DevSecOps is, how it differs from DevOps, and what security controls it should ideally incorporate. What is the Difference Between DevOps and DevSecOps? The...

  • Severe Confluence Vulnerability is an Active Threat (CVE-2022-26134)

    Background: The vulnerability allows unauthenticated remote code execution (RCE). Exploitation occurs by sending an HTTP request with an attack payload to a vulnerable instance of Confluence,...

  • Ethical Hackers Help Beiersdorf Minimize Risk and Protect Their Attack Surface

    Beiersdorf’s cybersecurity team is always thinking about the best ways to secure their public-facing assets. As their digital footprint increases, they add new processes and systems to align with...

  • What Is a Security.txt File and How Can It Help Your Program?

    Security.txt is a security mechanism that allows your organization to provide its vulnerability disclosure policy and contact information in a standardized format and location. The file is...

  • HackerOne Announces a New Customer Pentest Setup that's More Efficient and Speeds Time to Launch

    This improved experience reduces time to launch, which is vital when your organization is up against an urgent timeline to complete a pentest due to a recent acquisition, a security breach,...

  • Why HackerOne Acquired Pull Request and What It Means to Our Customers

    Security vulnerabilities are a significant workflow disruption when discovered near the end of development. Vulnerabilities found after release are a bigger problem. Depending on the severity,...

  • 12-Month DIB-VDP Pilot Concludes

    Posted by HackerOne, Mon, 05/02/2022 - 09:04.

  • Announcing the Results of the 12-month DIB-VDP Pilot

    Learn more about the DoD DIB-VDP Pilot here.

  • How Wix Improves Their Security Posture with Ethical Hackers

    Reducing risk is fundamental to Wix’s approach to cybersecurity, and as the threat landscape evolves, they turn to HackerOne Bounty to protect their security posture. Since 2018, Wix has invited...

  • Announcing the HackerOne 2022 Attack Resistance Report: A Security Survey—How to Close Your Organization's Attack Resistance Gap

    Today, HackerOne published The 2022 Attack Resistance Report: A HackerOne Security Survey. Our research revealed an increasing gap—the attack resistance gap—between what organizations can defend...

  • How Ethical Hackers Help A.S. Watson Address Digital Risk

    A.S. Watson Group knows this as well as anyone. As the world’s largest international health and beauty retailer, they are in charge of the security for a footprint that includes more than 16,400...

  • HackerOne releases FAQ regarding sanctions

    Posted by HackerOne, Wed, 03/16/2022 - 11:46.

  • Preventing Compromised Password Reuse on HackerOne.com

    This week, we rolled out an improvement to account security on the HackerOne website. We now block the use of any password known to have been compromised in major data breaches. This applies to...

  • Shifting Left with Ethical Hackers: A Q&A with GitLab

    We sat down with James Ritchey, Application Security Team Manager at GitLab and a three-year member of HackerOne’s Technical Advisory Board. James talked about how GitLab is shifting left to bring...

  • Donating Bounties to Humanitarian Efforts in Ukraine

    In 2020, we launched the Hack for Good program to allow ethical hackers to donate their bounties to charitable causes. With the world's eyes on the invasion of Ukraine, we are inviting hackers to...

  • Addressing the Security Gap in High Velocity Modern Application Development Cycles

    In November and December 2021, ESG interviewed HackerOne customers from three companies. Discussions centered on how they are adapting their application security programs.
