Category: Security

Highlights of New York’s Cybersecurity Regulation 23 NYCRR Part 500
September 4, 2018 – Eighteen-month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500. Effective March 1, 2017, the New York...

H1-702 2018 makes history with over $500K in bounties paid!
In August 2016, a small group of HackerOne staff brought to life the first ever live hacking event in HackerOne’s history at DEF CON 24 in Las Vegas, Nevada. We learned so many things over those three days and nights....

What is a Responsible Disclosure Policy and Why You Need One
Bug bounty programs may capture the majority of headlines in hacker-powered security today, but organizations of all shapes and sizes must first open a channel for ethical hackers to alert them to potential vulnerabilities they find. It’s called a vulnerability...

7 Common Security Pitfalls to Avoid When Migrating to the Cloud
So you want to move to the cloud. It’s okay. You’re not alone. 96 percent of decision makers in one survey have cloud initiatives underway. Enterprise IT teams will soon reach the tipping point, spending over 50 percent on cloud...

118 Fascinating Facts from HackerOne’s Hacker-Powered Security Report 2018
Another year, another Hacker-Powered Security Report! We pulled out 100 of the report’s top facts—and then added 18 more, since it’s 2018. See below for a better understanding of how hacker-powered security is disrupting (in a good way) how organizations...

Oath Bug Bounty Program Update: $1M in payouts and expansion of the program
This blog was written by Oath CISO and Paranoid in Chief Chris Nims and originally published on Oath.com. A little more than three months ago, we brought 40 of the world’s best white hat hackers to an undisclosed location in San...

Improve Credential Sharing with Hacker Email Aliases
Starting today, all existing and new hackers get a personalized email alias tied to their account, in the form of username[at]wearehackerone[dot]com. Any emails sent to this will be forwarded to their email address that is registered with HackerOne. This has...

A Guide To Subdomain Takeovers
HackerOne’s Hacktivity feed — a curated feed of publicly-disclosed reports — has seen its fair share of subdomain takeover reports. Since Detectify’s fantastic series on subdomain takeovers, the bug bounty industry has seen a rapid influx of reports concerning this...

Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report
In the autumn of 2017, the Centre for European Policy Studies (CEPS), a European Union think tank, initiated a task force to define guidelines around software vulnerability disclosure (SVD) across the European Union. In late June, the CEPS task force published...

Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance
Secrecy has been a trademark of security culture for decades. Companies like cloud-based log management and analytics company Sumo Logic are choosing transparency. Subject to extreme compliance and regulation standards, Sumo Logic is sharing the results and inner workings of...

Zomato’s First Anniversary with Bug Bounties: Q&A with Security Lead, Prateek Tiwari
Headquartered in India, restaurant discovery, online ordering and table reservations platform Zomato currently operates in 24 countries, including the United States, Australia, United Kingdom, Canada, India, Turkey, UAE, Qatar, Portugal, South Africa, New Zealand, and more. Its security team,...

The Hacker-Powered Security Report 2018
“Crowdsourced security testing is rapidly approaching critical mass, and ongoing adoption and uptake by buyers is expected to be rapid…” – Gartner Emerging Technology Analysis: Bug Bounties and Crowdsourced Security Testing published June 2018 The Hacker-Powered Security Report 2018 is...