
Amazon's Security Researcher Collaboration: Highlights from H1-213

Author: Alejandro Federico Iacobelli, Application Security Director, Mercado Libre
Since the emergence of XP in the mid-'90s, agile development methodologies have rapidly gained popularity....
This event’s focus was getting more women to participate in bug bounty programs, as we noticed the community is relatively small. When our industry friends from GitHub and Capital One reached out...
I understand the importance of Zero Trust but, personally, I’ve had a hard time bridging the gap between how the world of vulnerability disclosure and ethical hacking aligns with Zero Trust when...
Stepped-up SEC Enforcement Makes Proactive Security a Must
The SEC’s finalized cybersecurity rules, effective starting mid-December 2023, place a spotlight on requirements for transparency...
Our understanding of leadership and employee needs and the ability to build learning and development content made it easier for us to make development recommendations in a fast-paced global...
Automated scanners and tools are noisy; they do not know your business and can’t extrapolate context to truly understand validity and impact. Severity ratings are inflated guesses, and volume is...
New and Upcoming Public Policy on VDPs
VDPs are in the midst of a shift from an industry best practice to a legal requirement. Lawmakers and regulators increasingly understand that VDPs are an...
What Is Pentesting?
Pentesting attempts to ethically breach a system's security for the purpose of vulnerability identification. In most cases, both humans and automated programs research, probe,...
To ensure that AI is more secure and trustworthy, the EO calls on companies who develop AI and other companies in critical infrastructure that use AI to rely on “red-teaming”: testing to find...
1. Unprepared to Manage Incoming Vulnerability Reports
Naturally, the purpose of running a bug bounty program is to identify vulnerabilities beyond what your security team can find — and...
“With help from hackers, Salesforce can consistently put its products and systems to the test, as well as boost security throughout the entire software development lifecycle. This live hacking...
HackerOne's AI can already be used to:
1. Help automate vulnerability detection, using Nuclei, for example
2. Provide a summary of a hacker's history across many vulnerabilities
3. Provide...
At HackerOne, we've always been committed to helping customers navigate the complex landscape of prioritizing vulnerability remediation. The CVE Discovery feature in Hacktivity is instrumental in...
The Ambassador World Cup So Far
Teams & hackers
The Ambassador World Cup started out with 29 teams and 677 hackers from 22 different countries. Entering the Final Four, 580 hackers across 25...
Recently, a cybercriminal gang targeted the Las Vegas casino scene by extracting an eight-figure ransom from Caesars Entertainment and bringing slot machines to a halt at MGM Resorts. Politico...
Coordinated Vulnerability Disclosure (CVD) or Vulnerability Disclosure Policies (VDP) for technology are key components of a security strategy that builds trust with users and stakeholders. A VDP...
The rule requires public companies to report material cybersecurity incidents and annually report on elements of their cybersecurity risk management and strategy. Companies that are publicly...
The program began in 2021 as an internal resource for engineers to be mentors and mentees. Mentors build their leadership and mentorship skills, while mentees improve on areas they want to...
The HackerOnesie instantly became famous the day it was introduced in 2017. Although it has been known to carry magical powers, it is now one of the most sought-after swag items. But you have to...
Earlier this year, I was part of a HackerOne team that developed the Women in Sales Employee Resource Group (ERG). This voluntary, employee-led group celebrates and acknowledges the contributions...