Best Practices & Guidance
Advice and guidance from hacker-powered security experts.
-
The Hacker-Powered Security Report 2019
-
The Hacker-Powered Security Report 2019: Financial and Insurance
-
3 Ways Hacker-Powered Security Helps the Agile CISO
Security teams are challenged by the radical shifts in software development, from the fast pace and frequent releases to new languages and modern models. In that whirlwind, CISOs still have to...
-
Breaking Down the Benefits of Hacker-Powered Pentests
To produce their recent report “The Total Economic Impact Of HackerOne Challenge: Improved Security And Compliance”, Forrester Consulting interviewed customers that switched to HackerOne...
-
Don’t Believe These 4 Bug Bounty Myths
Bug Bounties have become rather popular lately. So have common misconceptions. We’re here to set the record straight. We sat down with Laurie Mercer, a security engineer at HackerOne, to tackle...
-
Total Economic Impact Study: HackerOne
Partnered content: this free study provides you with independent data and analysis to measure the value organizations could realize by moving from traditional penetration testing efforts to HackerOne.
-
451 Group Report: Bug Bounties and the Path to Secure Software
Third-party analyst report on how to choose and run a bug bounty program.
-
Worldwide Security Coverage for Unlimited Reach
Cybercriminals aren’t bound by borders, resulting in nearly $600 billion in losses every year. Hackers are your best defense against risks.
-
Vulnerability Disclosure Policy. What is it. Why you need one. How to get started.
This three-part series answers all your questions on VDP best practices.
-
Vulnerability Disclosure Policy Basics: 5 Critical Components
12-page booklet providing advice for creating a vulnerability disclosure page - along with great quotes about why this matters.
-
Guidance for Financial Services on Vulnerability Disclosure Policy Basics
Guidance specific to financial services on the details needed to implement a complete and compliant policy. Takes the VDP guide and updates it with a finserv intro and a Goldman Sachs policy example.
-
The Beginners' Guide to Hacker-Powered Security
17-page booklet that highlights how hacker-powered security can work alongside established security efforts.
-
Secure from the Start: The Complete Guide for Entrepreneurs
Secure from the Start: The Complete Guide for Entrepreneurs summarizes the key security topics that every technology entrepreneur needs to understand.
-
The Hacker-Powered Security Report 2018: Financial Services + Insurance
Vulnerability data and hacker-powered security adoption metrics for the financial services industry.
-
Next-Gen Application Security Launch Effective Agile Security for Agile Development
Improving application security by incorporating bug bounties and crowdsourced pen tests into the DevOps pipeline.
-
Top 20 Public Bug Bounty Programs
In this list, you’ll see which programs on the HackerOne platform ranked highest on the total amount of bounties awarded to hackers over the life of the program.
-
7 Common Security Pitfalls to Avoid When Migrating to the Cloud
12-page booklet that defines the most common security pitfalls when migrating to the cloud and how to prevent security regression.
-
Yelp
Quick blog recap and link to the Yelp engineering blog after the first 100 days of their public program. Good analysis and comparison of the private-to-public transition.
-
WordPress
Reprint of a Q&A their security team lead did with us on the blog.
-
The Shopify Case Study
Follow Shopify's hacker-powered security journey from the beginning: how responding to an external developer's vulnerability report evolved into the model public bug bounty program that it is today.
-