HackerOne Inc. is a cybersecurity operations technology company managed by certified information system security professionals who conduct vulnerability threat assessments to identify bugs found on a website, application or server. It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model, pioneering bug bounty and coordinated vulnerability disclosure.
As of December 2022, HackerOne's network had paid over $230 million in bounties.
HackerOne's customers include U.S. Department of State, U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Chaturbate, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo.
History
In 2011, Dutch hackers Jobert Abma and Michiel Prins attempted to find security vulnerabilities in 100 prominent high-tech companies. They discovered flaws in all of the companies, including Facebook, Google, Apple, Microsoft, and Twitter. Dubbing their efforts the "Hack 100", Abma and Prins contacted the at-risk firms. While many firms ignored their disclosure attempts, the COO of Facebook, Sheryl Sandberg, passed on the warning to their head of product security, Alex Rice. Rice, Abma and Prins connected, and together with Merijn Terheggen founded HackerOne in 2012.
In November 2015, Terheggen stepped down from his role as CEO and was replaced by Marten Mickos.
In November 2013, the company hosted a program encouraging the discovery and responsible disclosure of software bugs. Microsoft and Facebook funded the initiative, known as the Internet Bug Bounty project. By June 2015, HackerOne's bug bounty platform had identified approximately 10,000 vulnerabilities and paid researchers over $1 million in bounties.
In September 2015, the company launched a Vulnerability Coordination Maturity Model, which then-policy chief Katie Moussouris described as “an important effort from HackerOne to codify some reasonable minimum standards on how organizations handle incoming, unsolicited vulnerability reports.”
In April 2017, the company announced 240% year-over-year customer growth in Europe, and the subsequent opening of additional European offices to serve increasing customer demand.
In April 2022, HackerOne acquired PullRequest, a code-review-as-a-service platform.
Funding
In May 2014, HackerOne received $9 million (USD) in Series A funding from venture capital firm Benchmark. A $25 million Series B round was led by New Enterprise Associates. Angel investors include Salesforce CEO Marc Benioff, Digital Sky Technologies founder Yuri Milner, Dropbox chief executive Drew Houston and Yelp CEO Jeremy Stoppelman.
A Series C round led by Dragoneer Investment Group netted $40 million in February 2017 for a total of $74 million in investments to date. In April 2017, European-based venture capital fund EQT Ventures invested in the $40 million Series C funding round.
In 2019, the company raised $36 million in Series D funding led by Valor Equity Partners.
U.S. Department of Defense Programs
In March 2016, the U.S. Department of Defense (DoD) launched an initiative dubbed "Hack the Pentagon" using the HackerOne platform. The 24-day program resulted in the discovery and mitigation of 138 vulnerabilities in DoD websites, with over $70,000 (USD) in bounties paid to participating researchers.
In October of the same year, DoD developed a Vulnerability Disclosure Policy (VDP), the first of its kind created for the U.S. government. The policy outlines the conditions under which cybersecurity researchers may legally explore front-facing programs for security vulnerabilities. The first use of the VDP launched as part of the "Hack the Army" initiative, which was also the first time this branch of the U.S. military welcomed hackers to find and report security flaws in its systems.
The "Hack the Army" initiative resulted in 118 valid vulnerability reports; 371 participants, including 25 government workers and 17 military personnel, took part. Approximately $100,000 (USD) in total was awarded to participating researchers.
In May 2017, DoD extended the program to "Hack the Air Force". This program led to the discovery of 207 vulnerabilities, netting more than $130,000 (USD) in paid bounties. As of the end of 2017, DoD had learned of and fixed thousands of vulnerabilities through their vulnerability disclosure initiatives.
During August 2022, Defense Digital partnered with the U.S. Air Force at the Air Force Research Laboratory, Lawrence Berkeley National Laboratory and USAG Fort Hunter Liggett on a live hacking marathon called "Hack the Satellite," an event where hackers were required to hijack a satellite which was launched by NASA.
Events and live hacking
In February 2017, HackerOne sponsored an invitation-only hackathon, gathering security researchers from around the world to hack e-commerce sites Airbnb and Shopify for vulnerabilities. This was the second such hackathon, with the company hosting one in Las Vegas in August 2016 during the Black Hat Security Conference. In 2018, HackerOne hosted Live Hacking events in cities across the US and Asia. Representatives from Asia (India) won first place, with $1 million in bounty cash being awarded to Mohana Rangam. Over $1 million in bounty cash was awarded at the next events, with Oath Inc. (now called Verizon Media) paying over $400,000 in bounties during a single event in San Francisco, CA in April 2018.
In October 2017, HackerOne hosted their first conference, called Security@ San Francisco. The 200-attendee event included speakers from DoD, General Motors and Uber and also featured talks from hackers.
Courses
HackerOne has an online course that teaches people how to find bugs in a security system, along with other cybersecurity techniques. Each crowd-sourced security platform has a different approach and a specific goal it focuses on.
HackerOne primarily focuses on penetration testing services with security certifications, including ISO 27001 and FedRAMP authorization. Others in the field, like Bugcrowd, focus on attack surface management and a broad spectrum of penetration testing services for IoT, API, and even networks.
Locations
HackerOne is headquartered in San Francisco. The company maintains a development office in Groningen, Netherlands. In April 2017, the company announced the addition of offices in London, UK and Germany.
See also
* Open Source Security Foundation
Further reading
* Hacking For Security and Getting Paid For It. New York Times. October 14, 2015.
* This Hacker Makes An Extra $100,000 A Year As A Bug Bounty Hunter. Business Insider. May 21, 2016.
* Views on Bug Bounty Programs and Ethical Hacking From HackerOne Inc. Chief Executive Officer Marten Mickos. Bloomberg BNA. May 25, 2016.
* Twitter Pays $322,420 to Bug Hunters Under ‘HackerOne’ Program. Indian Express Tech IE. May 28, 2016.
* How HackerOne's Famous New CEO is Helping Teen Hackers Become Agents of Good, Not Evil. Business Insider. July 1, 2016.
* HackerOne CEO: Every Computer is Subject to Vulnerabilities. CNBC. October 20, 2016.
* The Technologist Convincing the Pentagon to Love Hackers. Christian Science Monitor. October 21, 2016.
* A Look At The Top HackerOne Bounties of 2016. ZDNet. December 6, 2016.
* Hacking The Army. TechCrunch. January 19, 2017.
* Ethical Hackers: A Question of Choice. SC Magazine. January 27, 2017.