The most trusted hacker-powered security platform

Pre-recorded Webinars

How GitLab and HackerOne are Accelerating Innovation without Compromising Security or Quality

In this webinar, GitLab's Director of Security Kathy Wang and Senior Application Security Engineer James Ritchey will dive into the evolution of GitLab's bug bounty program over time and how leveraging HackerOne's community has helped to find and fix security issues quickly. We'll cover why GitLab works so closely with external hackers, how to evolve a bug bounty program over time, and advice for companies looking to launch their own program.

Learn more

2018 Hacker-Powered Security Report: Key Findings and Learnings

The Hacker-Powered Security Report 2018 is the most comprehensive report on hacker-powered security. We analyzed 78,275 security vulnerability reports received in the past year from ethical hackers that reported them to over 1,000 organizations through HackerOne. Some key findings discussed in this fireside chat include $11.7M awarded to hacker in 2017 alone, 93% of the Forbes Global 2000 not having a public policy to receive external vulnerability reports, and the need for more extensive global education for hackers.

Learn more

Blog post

Your First 90 Days as a Security Lead: Building the Foundation

We interviewed a variety of security experts—some who’ve run security programs in the past and others who now help HackerOne customers develop and scale their programs—to get their advice on how new security leads should spend their first three months. The consensus first step: understand why you're there and set the foundation. Check out this two-part blog to learn best practices for developing an elite security program and key steps in the first 90 days.

Learn more


Beginners’ Guide to Hacker-Powered Security

No matter your organization’s size or industry, cybersecurity is likely a top focus. Resource constrained organizations as well as those that have deep pockets to invest in the latest and greatest security talent routinely work with independent security experts for their help. In fact, you can never have too much help in finding and fixing your cybersecurity gaps. In this exhaustive guide, you'll learn how hacker-powered security works and a step-by-step process to quickly and easily fit it in your existing security efforts.

Learn more

Hacker-Powered Security for Startups

Startup growth can be crippled if customers sense even the slightest risk to their data, or, worse, if a public breach undermines confidence in your offerings. Early-stage companies also need to be smart with their limited budgets, keeping tight reins on items that don’t directly contribute to market share growth. In this ebook, you'll discover the importance of security and compliance for startups, real stories of startup success with hacker-powered security, and how to implement within your organization without breaking the bank.

Learn more

Case Studies

Salesforce Uses Bug Bounties to Secure Customer Data

For the past 3 years, Salesforce has trusted HackerOne as their platform for hacker-powered security. Their product security lead, Vinayendra Nataraja, recently shed some light on the success of their program. In this overview, you’ll learn how Salesforce managed 3,200+ valid bug reports, why they put the extra effort in to respond to new reports within 5 hours, and how they structure their bounty reward strategy.

Learn more

Sumo Logic Uses Hacker-Powered Pen Tests for Security and Compliance

Being subject to strict compliance and regulation standards, cloud-based log management and analytics company, Sumo Logic, took a drastic turn when their penetration test reports kept coming back clean. They knew it meant a hardening of their attack surface, so they set out to try something few in their position would even consider. Learn why Sumo Logic chose to augment their pen tests with time-bound bug bounty programs using HackerOne Challenge.

Learn more


The Cyber Security Survival Guide for Startups

When running a startup, it is vital to know and identify the possible threats the cyber space holds in it. CEO at HackerOne Mårten Mickos, Jesse Kinser, the Director of Product Security at LifeOmic and Frans Rosén, Security Advisor at Detectify will let you in their mindset of operating a hack-free startup. This panel focuses on building a security focused culture, reacting to a breach, and how to integrate bug bounties into a DevOps workflow.

Learn more

Sumo Logic's CSO Talks Cloud, Compliance, GDPR, and Security

George Gerchow isn’t afraid to tell it like it is. As the CSO of Sumo Logic, he’s responsible for securing their cloud-native, machine data analytics platform at a level that builds unbreakable trust with their more than 1,600 global customers. At Security@ 2018, held in San Francisco, Gerchow took the stage to share how Sumo Logic works with HackerOne to take a decidedly modern approach to security, using bug bounties as a tool in the arsenal and transparency as the common thread.

Learn more

Trust & Transactions: Balancing Security and Compliance

Banks and financial services companies have always been attractive targets for criminals. Security@ 2018 hosted a panel consisted of Jason Pubal, Director of Application Security for a Financial Services Company and Mike Weber, VP of Coalfire Labs, Coalfire. This panel of experts discussed how banks, wealth management companies, and credit card companies are incorporating an offensive approach to cybersecurity, all while balancing compliance requirements, auditors, and consumer trust.

Learn more