
HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers. It was one of the first companies, along with Synack and Bugcrowd, to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model; it is the largest cybersecurity firm of its kind. As of May 2020, HackerOne's network had paid $100 million in bounties.


History

In 2011, Dutch hackers Jobert Abma and Michiel Prins attempted to find security vulnerabilities in 100 prominent high-tech companies. They discovered flaws in all of the companies, including Facebook, Google, Apple, Microsoft, and Twitter. Dubbing their efforts the "Hack 100", Abma and Prins contacted the at-risk firms. While many firms ignored their disclosure attempts, the COO of Facebook, Sheryl Sandberg, passed on the warning to their head of product security, Alex Rice. Rice, Abma and Prins connected, and together with Merijn Terheggen founded HackerOne in 2012. In November 2015, Terheggen stepped down from his role as CEO and was replaced by Marten Mickos.

In November 2013, the company hosted a program encouraging the discovery and responsible disclosure of software bugs. Microsoft and Facebook funded the initiative, known as the Internet Bug Bounty project. By June 2015, HackerOne's bug bounty platform had identified approximately 10,000 vulnerabilities and paid researchers over $1 million in bounties. In September 2015, the company launched a Vulnerability Coordination Maturity Model, which then-policy chief Katie Moussouris described as “an important effort from HackerOne to codify some reasonable minimum standards on how organizations handle incoming, unsolicited vulnerability reports.” In April 2017, the company announced 240% year-over-year customer growth in Europe, and the subsequent opening of additional European offices to serve increasing customer demand.

Since the release of the 2019 Hacker Report two years ago, the HackerOne community has doubled in size to over one million registered hackers. While much of the community is still exploring and learning, there has been a 63% increase in the number of hackers submitting reports in 2020. That’s a 143% increase since 2018, demonstrating that hackers are growing their skills and expertise as organizations and industries across the globe invest in hacker-powered solutions. Hackers earned $40 million in 2020 alone, contributing to reaching the milestone of $100 million paid out to hackers on the HackerOne platform. Nine hackers have earned over $1 million on the platform since 2019, and one hacker passed the $2 million mark in 2020. In April 2022, HackerOne acquired PullRequest, a code-review-as-a-service platform.


Funding

In May 2014, HackerOne received $9 million (USD) in Series A funding from venture capital firm Benchmark. A $25 million Series B round was led by New Enterprise Associates. Angel investors include Salesforce CEO Marc Benioff, Digital Sky Technologies founder Yuri Milner, Dropbox chief executive Drew Houston and Yelp CEO Jeremy Stoppelman. A Series C round led by Dragoneer Investment Group netted $40 million in February 2017 for a total of $74 million in investments to date. In April 2017, European-based venture capital fund EQT Ventures invested in the $40 million Series C funding round. In 2019, the company raised $36 million in Series D funding led by Valor Equity Partners.


U.S. Department of Defense Programs

In March 2016, the U.S. Department of Defense (DoD) launched an initiative dubbed "Hack the Pentagon" using the HackerOne platform. The 24-day program resulted in the discovery and mitigation of 138 vulnerabilities in DoD websites, with over $70,000 (USD) in bounties paid to participating researchers. In October of the same year, DoD developed a Vulnerability Disclosure Policy (VDP), the first of its kind created for the U.S. government. The policy outlines the conditions under which cybersecurity researchers may legally explore front-facing programs for security vulnerabilities. The first use of the VDP launched as part of the "Hack the Army" initiative, which was also the first time this branch of the U.S. military welcomed hackers to find and report security flaws in its systems. The "Hack the Army" initiative resulted in 118 valid vulnerability reports; 371 participants, including 25 government workers and 17 military personnel, took part. Approximately $100,000 (USD) in total was awarded to participating researchers. In May 2017, DoD extended the program to "Hack the Air Force". This program led to the discovery of 207 vulnerabilities, netting more than $130,000 (USD) in paid bounties. As of the end of 2017, DoD has learned of and fixed thousands of vulnerabilities through their vulnerability disclosure initiatives.


Events and Live Hacking

In February 2017, HackerOne sponsored an invitation-only hackathon, gathering security researchers from around the world to hack e-commerce sites Airbnb and Shopify for vulnerabilities. This was the second such hackathon, with the company hosting one in Las Vegas in August 2016 during the Black Hat Security Conference. In 2018, HackerOne hosted Live Hacking events in cities across the US and Asia. Asia (India) won first place, and $1 million in bounty cash was awarded to Mohana Rangam. Over $1 million in bounty cash was awarded at the following events, with Oath Inc. (now called Verizon Media) paying over $400,000 in bounties during a single event in San Francisco, CA in April 2018. In October 2017, HackerOne hosted their first conference, called Security@ San Francisco. The 200-attendee event included speakers from DoD, General Motors and Uber and also featured talks from hackers.


Courses

HackerOne, like Bugcrowd, has an online course to help people find bugs in a security system and learn other cybersecurity techniques. Each crowdsourced security platform has a different approach and a specific goal it focuses on. HackerOne primarily focuses on penetration testing services with security certifications, including ISO 27001 and FedRAMP authorization, while others in the field, like Bugcrowd, focus on attack surface management and a broad spectrum of penetration testing services for IoT, API, and even network. HackerOne's new learn-to-hack initiative, Hacker101, is helping many security researchers.


Locations

HackerOne is headquartered in San Francisco. The company maintains a development office in Groningen, Netherlands. In April 2017, the company announced the addition of offices in London, UK and Germany.


See also

* Open Source Security Foundation




Further reading


* Hacking For Security and Getting Paid For It. New York Times. October 14, 2015.
* This Hacker Makes An Extra $100,000 A Year As A Bug Bounty Hunter. Business Insider. May 21, 2016.
* Views on Bug Bounty Programs and Ethical Hacking From HackerOne Inc. Chief Executive Officer Marten Mickos. Bloomberg BNA. May 25, 2016.
* Twitter Pays $322,420 to Bug Hunters Under ‘HackerOne’ Program. Indian Express Tech IE. May 28, 2016.
* How HackerOne’s Famous New CEO is Helping Teen Hackers Become Agents of Good, Not Evil. Business Insider. July 1, 2016.
* HackerOne CEO: Every Computer is Subject to Vulnerabilities. CNBC. October 20, 2016.
* The Technologist Convincing the Pentagon to Love Hackers. Christian Science Monitor. October 21, 2016.
* A Look At The Top HackerOne Bounties of 2016. ZDNet. December 6, 2016.
* Hacking The Army. TechCrunch. January 19, 2017.
* Ethical Hackers: A Question of Choice. SC Magazine. January 27, 2017.

