Category: Security

Highlights of New York’s Cybersecurity Regulation 23 NYCRR Part 500

September 4, 2018 – Eighteen-month transitional period ends. Covered Entities are required to be in compliance with the requirements of sections 500.06, 500.08, 500.13, 500.14(a) and 500.15 of 23 NYCRR Part 500. Effective March 1, 2017, the New York...

/ September 4, 2018

H1-702 2018 makes history with over $500K in bounties paid!

In August 2016, a small group of HackerOne staff brought to life the first ever live hacking event in HackerOne’s history at DEF CON 24 in Las Vegas, Nevada. We learned so many things over those three days and nights....

/ September 3, 2018

What is a Responsible Disclosure Policy and Why You Need One

Bug bounty programs may capture the majority of headlines in hacker-powered security today, but organizations of all shapes and sizes must first open a channel for ethical hackers to alert them to potential vulnerabilities they find. It’s called a vulnerability...

/ August 30, 2018

7 Common Security Pitfalls to Avoid When Migrating to the Cloud

So you want to move to the cloud. It’s okay. You’re not alone. 96 percent of decision makers in one survey have cloud initiatives underway. Enterprise IT teams will soon reach the tipping point, spending over 50 percent on cloud...

/ August 27, 2018

118 Fascinating Facts from HackerOne’s Hacker-Powered Security Report 2018

Another year, another Hacker-Powered Security Report! We pulled out 100 of the report’s top facts—and then added 18 more, since it’s 2018. See below for a better understanding of how hacker-powered security is disrupting (in a good way) how organizations...

/ August 27, 2018

Oath Bug Bounty Program Update: $1M in payouts and expansion of the program

This blog was written by Oath CISO and Paranoid in Chief Chris Nims and originally published on Oath.com. A little more than three months ago, we brought 40 of the world’s best white hat hackers to an undisclosed location in San...

/ August 23, 2018

Improve Credential Sharing with Hacker Email Aliases

Starting today, all existing and new hackers get a personalized email alias tied to their account, in the form of username[at]wearehackerone[dot]com. Any emails sent to this will be forwarded to their email address that is registered with HackerOne. This has...

/ August 16, 2018

A Guide To Subdomain Takeovers

HackerOne’s Hacktivity feed — a curated feed of publicly-disclosed reports — has seen its fair share of subdomain takeover reports. Since Detectify’s fantastic series on subdomain takeovers, the bug bounty industry has seen a rapid influx of reports concerning this...

/ August 15, 2018

Software Vulnerability Disclosure in Europe: Summary and Key Highlights of the European Parliament CEPS Task Force Report

In the autumn of 2017, the Centre for European Policy Studies (CEPS), a European Union think tank, initiated a task force to define guidelines around software vulnerability disclosure (SVD) across the European Union. In late June, the CEPS task force published...

/ August 14, 2018

Sumo Logic Looks to Hacker-Powered Pen Testing for Security and Compliance

Secrecy has been a trademark of security culture for decades. Companies like cloud-based log management and analytics company Sumo Logic are choosing transparency. Subject to extreme compliance and regulation standards, Sumo Logic is sharing the results and inner workings of...

/ July 31, 2018

Zomato’s First Anniversary with Bug Bounties: Q&A with Security Lead, Prateek Tiwari

Headquartered in India – restaurant discovery, online ordering and table reservations platform Zomato currently operates in 24 countries, including the United States, Australia, United Kingdom, Canada, India, Turkey, UAE, Qatar, Portugal, South Africa, New Zealand, and more. Its security team,...

/ July 23, 2018

The Hacker-Powered Security Report 2018

“Crowdsourced security testing is rapidly approaching critical mass, and ongoing adoption and uptake by buyers is expected to be rapid…” – Gartner Emerging Technology Analysis: Bug Bounties and Crowdsourced Security Testing published June 2018 The Hacker-Powered Security Report 2018 is...

/ July 11, 2018