Best Practices & Guidance

Advice and guidance from hacker-powered security experts.

  • The Hacker-Powered Security Report 2019

  • The Hacker-Powered Security Report 2019: Financial and Insurance

  • 3 Ways Hacker-Powered Security Helps the Agile CISO

    Security teams are challenged by the radical shifts in software development, from the fast pace and frequent releases to new languages and modern models. In that whirlwind, CISOs still have to...
  • Breaking Down the Benefits of Hacker-Powered Pentests

    To produce their recent report “The Total Economic Impact Of HackerOne Challenge: Improved Security And Compliance”, Forrester Consulting interviewed customers that switched to HackerOne...
  • Don’t Believe These 4 Bug Bounty Myths

    Bug Bounties have become rather popular lately. So have common misconceptions. We’re here to set the record straight. We sat down with Laurie Mercer, a security engineer at HackerOne, to tackle...
  • Total Economic Impact Study: HackerOne

    Partnered content: this free study provides you with independent data and analysis to measure the value organizations could realize by moving from traditional penetration testing efforts to HackerOne.
  • 451 Group Report: Bug Bounties and the Path to Secure Software

    Third-party analyst report on how to choose and run a bug bounty program.
  • Worldwide Security Coverage for Unlimited Reach

    Cybercriminals aren’t bound by borders, resulting in nearly $600 billion in losses every year. Hackers are your best defense against risks.
  • Vulnerability Disclosure Policy. What is it. Why you need one. How to get started.

    This three-part series answers all your questions on VDP best practices.
  • Vulnerability Disclosure Policy Basics: 5 Critical Components

    12-page booklet providing advice for creating a vulnerability disclosure page - along with great quotes about why this matters.
  • Guidance for Financial Services on Vulnerability Disclosure Policy Basics

    Details specific to financial services on what is needed to implement a complete and compliant policy. Takes the VDP guide and updates it with a finserv intro and a Goldman Sachs policy example.
  • The Beginners' Guide to Hacker-Powered Security

    17-page booklet that highlights how hacker-powered security can work alongside established security efforts.
  • Secure from the Start: The Complete Guide for Entrepreneurs

    Secure from the Start: The Complete Guide for Entrepreneurs summarizes the key security topics that every technology entrepreneur needs to understand.
  • The Hacker-Powered Security Report 2018: Financial Services + Insurance

    Vulnerability data and hacker-powered security adoption metrics for the financial services industry.
  • Next-Gen Application Security: Launch Effective Agile Security for Agile Development

    Improving application security by incorporating bug bounties and crowdsourced pen tests into the DevOps pipeline.
  • Top 20 Public Bug Bounty Programs

    In this list, you’ll see which programs on the HackerOne platform ranked highest on the total amount of bounties awarded to hackers over the life of the program.
  • 7 Common Security Pitfalls to Avoid When Migrating to the Cloud

    12-page booklet that defines the most common security pitfalls when migrating to the cloud and how to prevent security regression.
  • Yelp

    Quick blog recap and link to the Yelp engineering blog after the first 100 days of their public program. Good analysis and comparison of the private-to-public transition.
  • WordPress

    Q&A that their security team lead did with us on the blog, reprinted.
  • The Shopify Case Study

    Follow Shopify's hacker-powered security journey from the beginning: how responding to an external developer's vulnerability report evolved to the model public bug bounty program that it is today.