HackerOne met with Katie Savage, Deputy Chief Digital & Artificial Intelligence Officer at DDS, and Melissa Vice, Director, DoD VDP at DC3, from the organizing teams of Hack U.S., to discuss the impact of the challenge, why they consider hackers a must-have for an effective defense-in-depth strategy, and how the findings from Hack U.S. will help secure public-facing U.S. government information systems long-term.
Most Recent Articles
![Lessons from HackerOne’s First Recharge Week](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-07%2Fman-hat-lincoln-memorial.jpg&size=1&version=1722045489&sig=baeb850b0037bbab9df6ef122a1e7ad3&default=hubs%2Ftilebg-blogs.jpg)
Our first-ever Recharge Week – July 1–5, 2024 – aimed at giving most company employees a simultaneous week off to rest, pursue hobbies, and spend time with loved ones, free from the demands of work...
![HIPAA and Pentesting: What You Need to Know](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-07%2FPTaaS_BlogImage3.jpg&size=1&version=1721953908&sig=7f5ad36ecedf75ba4264f0e36f610e78&default=hubs%2Ftilebg-blogs.jpg)
HIPAA regulatory standards outline the lawful use, disclosure, and safeguarding of protected health information (PHI). Any organization that collects or handles PHI must comply with HIPAA rules....
![Hack My Career: Meet Naz Bozdemir](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-07%2Fhack%2520my%2520career_naz%2520pic.png&size=1&version=1721862789&sig=3a821f8bc7d664e2d2f26337b1a9f25a&default=hubs%2Ftilebg-blogs.jpg)
We talked to Naz Bozdemir, Product Marketing Lead, about her unique path and asked her to share insights into her career. From International Relations to Cybersecurity: Naz’s adventure started with a...
![Custom Inbox Enhancements: Revolutionizing Vulnerability Management for Enterprises](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Flh7-rt.googleusercontent.com%2Fdocsz%2FAD_4nXeMhzyNh52-xwZOCABP6GBlgdS5zEpbXDcAx7HXxojEPI5ah2oi3C1wTYj65W0iAzmDzv0cka4w-ySgUgs_I7SiEb_yv2cao3YAvxvZOn-_c2VbCIb0ARqmE2rsaW_Kx5Q23Qc0oy2SWKiAM2_nOs0Xbuul%3Fkey%3D9Q2WaodJ3r3qme9o1nODRA&size=1&version=1721783468&sig=736d497816851931701d1f439905ee06&default=hubs%2Ftilebg-blogs.jpg)
Introducing Custom Inboxes: Custom Inboxes provide our enterprise customers with unparalleled flexibility in report management. Now, organizational administrators can create, remove, and edit up to...
![How HackerOne Organizes a Remote Hack Week](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-07%2Fhack%2520week%25202024.png&size=1&version=1721268042&sig=8f230163965dbe516b3f109adffe350e&default=hubs%2Ftilebg-blogs.jpg)
This year's Hack Week was dedicated to artificial intelligence (AI), and teams worked together to problem-solve and explore new projects, keeping this theme in mind. A dedicated hack week or hack...
![10 Years of the GitHub Security Bug Bounty Program](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Flh7-us.googleusercontent.com%2Fdocsz%2FAD_4nXcNgTDMKfe6d2DwBgRzLbXb7X79a5Gk3Kj3snMw4k2fx35ZrbHCnKN3BmlM490Vg0RXPiQN7Ws9IBMi-fBpLRr6JiI-Uuk2p3M_8zGT0QwmW0fn5nYMYjRihuojGbVqa9z4_ARO0sPXZnncDPsV5Y3Cg7AK%3Fkey%3DX6s2M9Rbx_szOR6xn1alxQ&size=1&version=1721099190&sig=ac51cd49e2fdf805574beaff20dce14a&default=hubs%2Ftilebg-blogs.jpg)
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10...
![Feedback-Driven Interviewing at HackerOne](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-07%2F_DSC6555.jpg&size=1&version=1720739492&sig=e117a40c6c2cc034f708f25c57d74e21&default=hubs%2Ftilebg-blogs.jpg)
The Talent Acquisition team currently has a net promoter score (NPS) of 56%, while the industry standard is 50%. However, we can improve and refine our hiring practices to attract and retain the...
![What HackerOne Customers Say About the Problems Hackers Solve](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-07%2Fproblems%2520hackers%2520solve%2520blog%2520header%25402x.png&size=1&version=1721099190&sig=40d00d80c6adcfd98ede43157bf0e399&default=hubs%2Ftilebg-blogs.jpg)
The Problems Customers Use Ethical Hackers To Solve: Organizations work with ethical hackers to address a range of issues, including knowing unknowns, preventing breaches, meeting regulatory...
![Pentesting for Web Applications](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Flh7-us.googleusercontent.com%2Fdocsz%2FAD_4nXch2xzgFHjxarIw-gxK4HJmliE3C5LU45NI1NnLfNHxd73lgfcF8XAov94PvhVGuwi7evLv9gF-L54yuQGYCxmn2QD2Aa-lCrIz2EmbIAOAofPZfC2R159ueuiH6UcOTbmzLmPj65KSjqBY9gibie_x9ww%3Fkey%3DyknYtmEOens2JmdP4yKnvw&size=1&version=1720739492&sig=42d10993da70d32cf06b54ef0d9108b6&default=hubs%2Ftilebg-blogs.jpg)
Pentest reports are a requirement for many security compliance certifications (such as ISO 27001 and SOC 2), and having regular pentest reports on hand can also signal to high-value customers that...
![DORA: What You Need to Know](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-07%2FBlogImages_763x462_BlogImage_BugBounty-5%2520%25281%2529.png&size=1&version=1720540192&sig=71fc9bd6cfe7da4c307e2cc7a0066574&default=hubs%2Ftilebg-blogs.jpg)
DORA focuses on Information and Communications Technology (ICT) systems and applies to all financial institutions in the EU. This includes traditional entities such as banks, insurance companies,...
![What HackerOne Customers Say About Remediating Vulnerabilities and Getting the Best Results From Hackers](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-06%2Fhackerone%2520customers%2520remediating%2520vulns%2520and%2520getting%2520the%2520most%2520out%2520of%2520hackers%2520blog%2520header%25402x.png&size=1&version=1721099190&sig=37ccc60c4b4d0739ea6463757abae250&default=hubs%2Ftilebg-blogs.jpg)
Remediating Vulnerabilities: Streamlining communication between hackers and security teams, HackerOne customers are able to quickly and thoroughly remediate vulnerabilities before they result in a...
![Introducing HackerOne's Hai API: Revolutionize Your Workflow Automation with AI](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Flh7-us.googleusercontent.com%2Fdocsz%2FAD_4nXeFgcNYr_IXm0WzW0pVPFEyy7k1NBDmwnDS5IebyM6k3afpzeCMai97OsUGLB5wewJuN02QpkqIH3A78BncwDX0hX5EdmL7OaO3gSNsguBjaAf_HTUKUyTh0rC0CFlDF27hrxFNKCNsAGrRvvxQjn2IhJM%3Fkey%3DMJEZT-rdhFsdvOWLLlF5iA&size=1&version=1719610942&sig=0b5799c384914943b7c9e9787aeea12a&default=hubs%2Ftilebg-blogs.jpg)
Unlocking the Power of the Hai API: At HackerOne, we believe in practicing what we preach. To help get an idea of what's possible with the Hai API, we built our own automation powered by the Hai API...
![Common Ecommerce Vulnerabilities: Reflected XSS](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2Finline-images%2FScreenshot%25202024-06-27%2520at%25201.41.56%25E2%2580%25AFPM.png&size=1&version=1719532131&sig=08c38947924e447199b77b779015681c&default=hubs%2Ftilebg-blogs.jpg)
Specifically, we are looking at Reflected XSS (RXSS) in e-commerce services. According to the 7th Annual Hacker-Powered Security Report, Reflected XSS accounts for 10% of all bugs reported in...
![Pentesting for NIST 800-53, FISMA, and FedRAMP](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2F2024-06%2FBlogImages_763x462_BlogImage_Policy-5.png&size=1&version=1719532131&sig=bc94bd7243f44e35c38b78c2d520573e&default=hubs%2Ftilebg-blogs.jpg)
Overview of NIST 800-53, FISMA, and FedRAMP: The National Institute of Standards and Technology (NIST) is a U.S. federal agency responsible for developing and promoting technology standards and...
![Pride Month: Stories from Our LGBTQ+ Employees](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2Finline-images%2FKirsten.png&size=1&version=1720739491&sig=d515983e9bae01de4231d9ce4ab4f5c2&default=hubs%2Ftilebg-blogs.jpg)
We believe in fostering an environment where everyone feels valued and empowered to be their authentic selves, both in and out of the workplace. Today, we are showcasing three HackerOne employees...
![How to Find XSS](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Flh7-us.googleusercontent.com%2Fdocsz%2FAD_4nXfBY2qRYAcPN5IbVq0a1QLPTcY-rT-oS1ZJopzcbHNETGkbFIYwY8MwYNEVM9P9uxnEnB-60pT_s8dNZDJh8BQYQRcAnRd4HccVF-FnXV77Yt7h8FysJFRM3atWLzWeoQPsqrpD0PygnRXEX0lRy9c4YmSY%3Fkey%3DuGvs3gjBflDxhAxPiVnc8Q&size=1&version=1720739491&sig=660e83acc8455772fcc08fa295808b93&default=hubs%2Ftilebg-blogs.jpg)
What Is XSS? XSS, short for Cross-Site Scripting, is a common type of vulnerability in web applications that executes arbitrary JavaScript in the victim's browser. XSS can often be chained with...
![Celebrating International Women in Engineering Day](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2Finline-images%2Fcaroline.png&size=1&version=1720739491&sig=12c217e6648c3f94d6bd991d8a2b1c58&default=hubs%2Ftilebg-blogs.jpg)
While there has been progress in increasing the number of women in engineering roles, the representation of women in this field remains relatively low, and retention remains a significant...
![Sales Development Representatives Win as a Team](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Fwww.hackerone.com%2Fsites%2Fdefault%2Ffiles%2Finline-images%2Fimage%2520%252811%2529_0.png&size=1&version=1720739491&sig=8ea8242888b9436ffb8df358dc3d69cb&default=hubs%2Ftilebg-blogs.jpg)
In the following interview, Jessica discusses how she embodies HackerOne’s Win as a Team company value to drive her team's success. What does Win as a Team mean to you? To me, winning as a team is...
![Community-driven PTaaS vs. Traditional Pentesting](https://content.cdntwrk.com/mediaproxy?url=https%3A%2F%2Flh7-us.googleusercontent.com%2Fdocsz%2FAD_4nXfIqBXTWnx7a_YfGmiBZC-HjTBxhhIp9XbrXTyjHpNOua9tx6CCn_Kj3sCOKYTujz3JOPMzop6Y1v65uTHJYciJGEYlkKnoXyyewY1kUJQ0083pnYs4Dw0MuZIltZ4B2xvG5gZjP_EmHp2w9bZ6M_1GiBsU%3Fkey%3DuikA_bV8sLWj97LhSsriOA&size=1&version=1718740470&sig=1230f16b9802a87a36acac0a3c125868&default=hubs%2Ftilebg-blogs.jpg)
Modern pentesting approaches use independent security researchers working under strict NDAs and advanced software platforms to streamline the process. However, with many vendors focusing on other...