HackerOne Team

Security vulnerabilities are a significant workflow disruption when discovered near the end of development. Vulnerabilities found after release are a bigger problem. Depending on the severity,...

Learn more about the DoD DIB-VDP Pilot here.

Reducing risk is fundamental to Wix’s approach to cybersecurity, and as the threat landscape evolves, they turn to HackerOne Bounty to protect their security posture. Since 2018, Wix has invited...

Today, HackerOne published The 2022 Attack Resistance Report: A HackerOne Security Survey. Our research revealed an increasing gap—the attack resistance gap—between what organizations can defend...

A.S. Watson Group knows this as well as anyone. As the world’s largest international health and beauty retailer, they are in charge of the security for a footprint that includes more than 16,400...

This week, we rolled out an improvement to account security on the HackerOne website. We now block the use of any password known to have been compromised in major data breaches. This applies to...

We sat down with James Ritchey, Application Security Team Manager at GitLab and a three-year member of HackerOne’s Technical Advisory Board. James talked about how GitLab is shifting left to bring...

In 2020, we launched the Hack for Good program to allow ethical hackers to donate their bounties to charitable causes. With the world's eyes on the invasion of Ukraine, we are inviting hackers to...

In November and December 2021, ESG interviewed HackerOne customers from three companies. Discussions centered on how they are adapting their application security programs.

John Deere’s CISO, James Johnson, and his team are committed to ensuring that the people who depend on John Deere for their livelihood rest easy knowing their information and products are secure....

Maintaining the security of the digital assets within the Defense Industrial Base (DIB) contractor networks helps defend the United States of America. For the last nine months, Department of...

Many security teams use the OWASP Top 10 as a guideline to understand where they should focus their security strategies and cyberattack prevention efforts. The OWASP Top 10 originated in 2003 and...

December 17th Update:  Vulnerabilities in Log4j have been evolving over the course of this week since the original disclosure of CVE-2021-44228, also known as Log4Shell.  There is now a second...

What Is the Common Vulnerability Scoring System? CVSS is a free and open industry standard for assessing the severity of computer system security vulnerabilities. It produces a numerical score to...

Among the topics they explored included the success of their long-running bug bounty programs in discovering security vulnerabilities, how to explain program value to C-suite executives, and why...