HackerOne

HackerOne is a company specializing in cybersecurity, specifically attack resistance management, which blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the digital attack surface.[1] It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model, pioneering bug bounty and coordinated vulnerability disclosure.[2] As of December 2022, HackerOne's network had paid over $230 million in bounties.[3] HackerOne's customers include the U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo.

HackerOne Inc.
Company type: Private
Industry: Cybersecurity
Founded: 2012
Founders: Michiel Prins, Jobert Abma, Alex Rice and Merijn Terheggen
Headquarters: San Francisco, California
Key people: Mårten Mickos (CEO)
Website: hackerone.com

History

In 2011, Dutch hackers Jobert Abma and Michiel Prins attempted to find security vulnerabilities in 100 prominent high-tech companies. They discovered flaws in all of the companies, including Facebook, Google, Apple, Microsoft, and Twitter. Dubbing their efforts the "Hack 100", Abma and Prins contacted the at-risk firms. While many firms ignored their disclosure attempts, the COO of Facebook, Sheryl Sandberg, passed on the warning to their head of product security, Alex Rice. Rice, Abma and Prins connected, and together with Merijn Terheggen founded HackerOne in 2012.[2] In November 2015, Terheggen stepped down from his role as CEO and was replaced by Mårten Mickos.[4] In November 2013, the company hosted a program encouraging the discovery and responsible disclosure of software bugs. Microsoft and Facebook funded the initiative, known as the Internet Bug Bounty project.[5] By June 2015, HackerOne's bug bounty platform had identified approximately 10,000 vulnerabilities and paid researchers over $1 million in bounties.[6] In September 2015, the company launched a Vulnerability Coordination Maturity Model, which then-policy chief Katie Moussouris described as “an important effort from HackerOne to codify some reasonable minimum standards on how organizations handle incoming, unsolicited vulnerability reports.”[1] In April 2017, the company announced 240% year-over-year customer growth in Europe, and the subsequent opening of additional European offices to serve increasing customer demand.[7]

Since the release of the 2019 Hacker Report[8] two years ago, the HackerOne community has doubled in size to over one million registered hackers. While much of the community is still exploring and learning, there has been a 63% increase in the number of hackers submitting reports in 2020.[9] That's a 143% increase since 2018, demonstrating that hackers are growing their skills and expertise as organizations and industries across the globe invest in hacker-powered solutions. Hackers earned $40 million in 2020 alone, contributing to reaching the milestone of $100 million paid out to hackers on the HackerOne platform. Nine hackers have earned over $1 million on the platform since 2019, and one hacker passed the $2 million mark in 2020.[10]

In April 2022, HackerOne acquired PullRequest, a code-review-as-a-service platform.[11]

Funding

In May 2014, HackerOne received $9 million (USD) in Series A funding from venture capital firm Benchmark.[12][13] A $25 million Series B round was led by New Enterprise Associates.[14] Angel investors include Salesforce CEO Marc Benioff, Digital Sky Technologies founder Yuri Milner, Dropbox chief executive Drew Houston and Yelp CEO Jeremy Stoppelman.[6][15] A Series C round led by Dragoneer Investment Group netted $40 million in February 2017 for a total of $74 million in investments to date.[16] In April 2017, European-based venture capital fund EQT Ventures invested in the $40 million Series C funding round.[7] In 2019, the company raised $36 million in Series D funding led by Valor Equity Partners.[17]

U.S. Department of Defense Programs

In March 2016, the U.S. Department of Defense (DoD) launched an initiative dubbed "Hack the Pentagon" using the HackerOne platform.[18][19] The 24-day program resulted in the discovery and mitigation of 138 vulnerabilities in DoD websites, with over $70,000 (USD) in bounties paid to participating researchers.[20]

In October of the same year, DoD developed a Vulnerability Disclosure Policy (VDP), the first of its kind created for the U.S. government. The policy outlines the conditions under which cybersecurity researchers may legally explore front-facing programs for security vulnerabilities. The first use of the VDP launched as part of the "Hack the Army" initiative, which was also the first time this branch of the U.S. military welcomed hackers to find and report security flaws in its systems.[21][22]

The Hack the Army initiative resulted in 118 valid vulnerability reports; 371 participants, including 25 government workers and 17 military personnel, took part. Approximately $100,000 (USD) in total was awarded to participating researchers.[23]

In May 2017, DoD extended the program to "Hack the Air Force". This program led to the discovery of 207 vulnerabilities, netting more than $130,000 (USD) in paid bounties. As of the end of 2017, DoD had learned of and fixed thousands of vulnerabilities through its vulnerability disclosure initiatives.[24]

Events and Live Hacking

In February 2017, HackerOne sponsored an invitation-only hackathon, gathering security researchers from around the world to hack e-commerce sites Airbnb and Shopify for vulnerabilities.[25] This was the second such hackathon, with the company hosting one in Las Vegas in August 2016 during the Black Hat Security Conference.[26] In 2018, HackerOne hosted Live Hacking events in cities across the US and Asia. Representatives from Asia (India) won first place, with $1 million in bounty cash awarded to Mohana Rangam.[27] Over $1 million in bounty cash was awarded at the next events, with Oath Inc. (now called Verizon Media) paying over $400,000 in bounties during a single event in San Francisco, CA in April 2018.[28]

In October 2017, HackerOne hosted their first conference, called Security@ San Francisco. The 200-attendee event included speakers from DoD, General Motors and Uber and also featured talks from hackers.[29]

Courses

HackerOne offers an online course that teaches people how to find bugs in a security system, along with other cybersecurity techniques.[30] Each crowd-sourced security platform has a different approach and a specific goal it focuses on.[31] HackerOne primarily focuses on penetration testing services with security certifications, including ISO 27001 and FedRAMP authorization, while others in the field, like Bugcrowd, focus on attack surface management and a broad spectrum of penetration testing services for IoT, APIs, and even networks.[31] HackerOne's new learn-to-hack initiative, Hacker101, helps many security researchers.

Locations

HackerOne is headquartered in San Francisco. The company maintains a development office in Groningen, Netherlands.[32] In April 2017, the company announced the addition of offices in London, UK and Germany.[7]

See also

  • Open Source Security Foundation

References

  1. HackerOne (2022). "HackerOne: Close the gap on attackers". Retrieved 2023-02-02.
  2. "HackerOne connects hackers with companies and hopes for a win-win". The New York Times. June 7, 2015. Retrieved October 28, 2015.
  3. "6th Annual Hacker-Powered Security Report". HackerOne. December 12, 2022. Retrieved 2023-02-02.
  4. "Serial CEO Marten Mickos takes the reins at HackerOne". Fortune. Retrieved 2017-03-15.
  5. "The Big Business of Smashing Bugs". Bloomberg.com. 2015-03-12. Retrieved 2017-03-15.
  6. "HackerOne, a computer bug bounty firm, raises $25 million in Series B". Fortune. Retrieved 2017-03-15.
  7. "HackerOne Strengthens Presence in Europe Amid Growing Demand for Hacker-Powered Security". BusinessWire. 2017-04-10. Retrieved 2018-07-27.
  8. HackerOne (2019-08-21). "The 2019 Hacker Report". Retrieved 2021-07-21.
  9. HackerOne (2020-02-23). "The 2020 Hacker Report". Retrieved 2021-07-21.
  10. HackerOne (2021-03-08). "The 2021 Hacker Report". Retrieved 2021-07-21.
  11. "HackerOne buys YC-backed PullRequest to add code review to bug-squashing platform". TechCrunch. Retrieved 2022-05-05.
  12. Miller, Ron. "HackerOne Gets $9M In Series A Funding To Build Bug Tracking Bounty Programs". TechCrunch. Retrieved 2017-03-15.
  13. Vanian, Jonathan (2014-05-28). "HackerOne lands $9 million to aid in its bug disclosure program". gigaom.com. Archived from the original on 2015-12-03. Retrieved 2017-03-15.
  14. Osborne, Charlie. "HackerOne raises $25 million in vulnerability management push". ZDNet. Retrieved 2017-03-15.
  15. "HackerOne raises $25M to make the Internet safer via bug bounty programs". VentureBeat. Retrieved 2017-03-15.
  16. "HackerOne Raises $40 Million to Make the Internet Safer for Everyone". www.businesswire.com. Retrieved 2017-03-15.
  17. "HackerOne just closed a new round of funding that brings its total funding to $110 million". TechCrunch. Retrieved 2020-08-13.
  18. "DoD Invites Vetted Specialists to 'Hack' the Pentagon". U.S. Department of Defense. Retrieved 2017-03-15.
  19. "'Hack the Pentagon' Pilot Program Opens for Registration". U.S. Department of Defense. Retrieved 2017-03-15.
  20. Conger, Kate. "Department of Defense expanding Hack the Pentagon program". TechCrunch. Retrieved 2017-03-15.
  21. Osborne, Charlie. "DoD, HackerOne kick off Hack the Army bug bounty challenge". ZDNet. Retrieved 2017-03-15.
  22. "Army's first bug bounty uncovers entry point to sensitive DoD network". FederalNewsRadio.com. 2017-01-24. Retrieved 2017-03-15.
  23. "Hackers Found 118 Valid Vulnerabilities During Army Bug Bounty Program". Executive Gov. Retrieved 2017-03-15.
  24. Newman, Lily Hay (2017-11-10). "The Pentagon Opened up to Hackers--And Fixed Thousands of Bugs". Wired. Retrieved 2018-07-27.
  25. "'Ethical hackers' work with Airbnb, Shopify". SFGate. Retrieved 2017-03-15.
  26. HackerOne (2017-02-10). "h1-702 Las Vegas Hackathon". Retrieved 2017-03-15.
  27. HackerOne (2018). "Live Hacking". HackerOne.
  28. Nims, Chris (2018-04-20). "We invited 40 of the world's best security researchers to hack our products. Here's what happened". Oath. Retrieved 2018-07-27.
  29. "Introducing Security@ San Francisco!". HackerOne. 2017-10-17. Retrieved 2018-07-27.
  30. "How To Earn Money As A Bug Bounty Hunter". lifehacker.com.au. 25 August 2017.
  31. "Top 5 Bug Bounty Platforms to Watch in 2021". thehackernews.com. 8 February 2021.
  32. Kootstra, Richard (2016-02-14). "HackerOne Founded in Groningen kicking ass in San Francisco". Founded in Groningen. Archived from the original on 2018-07-28. Retrieved 2018-07-27.

Further reading

  • Hacking For Security and Getting Paid For It. New York Times. October 14, 2015.
  • This Hacker Makes An Extra $100,000 A Year As A Bug Bounty Hunter. Business Insider. May 21, 2016.
  • Views on Bug Bounty Programs and Ethical Hacking From HackerOne Inc. Chief Executive Officer Marten Mickos. Bloomberg BNA. May 25, 2016.
  • Twitter Pays $322,420 to Bug Hunters Under ‘HackerOne’ Program. Indian Express Tech IE. May 28, 2016.
  • How HackerOne's Famous New CEO is Helping Teen Hackers Become Agents of Good, Not Evil. Business Insider. July 1, 2016.
  • HackerOne CEO: Every Computer is Subject to Vulnerabilities. CNBC. October 20, 2016.
  • The Technologist Convincing the Pentagon to Love Hackers. Christian Science Monitor. October 21, 2016.
  • A Look At The Top HackerOne Bounties of 2016. ZDNet. December 6, 2016.
  • Hacking The Army. TechCrunch. January 19, 2017.
  • Ethical Hackers: A Question of Choice. SC Magazine. January 27, 2017.

External links

  • Company Website
  • Company Profile: Bloomberg

This article may have been created or edited in return for undisclosed payments, a violation of Wikipedia's terms of use. It may require cleanup to comply with Wikipedia's content policies, particularly neutral point of view. (February 2023)

Retrieved from https://en.wikipedia.org/w/index.php?title=HackerOne&oldid=1207395695