From Wikipedia, the free encyclopedia
Jump to navigation Jump to search
Industry Cybersecurity
Founded 2012
Founders Michiel Prins, Jobert Abma, Alex Rice and Merijn Terheggen
Headquarters San Francisco, California
Key people
Mårten Mickos (CEO)
Website hackerone.com

HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with cybersecurity researchers. [1] It is one of the first companies along with Synack and Bugcrowd to embrace and utilize crowd-sourced security and hackers as linchpins of its business model, and is the largest cybersecurity firm of its kind.[1] As of February 2017, HackerOne's network consisted of approximately 100,000 hackers and had paid $14 million in bounties.[2]


In 2011, Dutch hackers Jobert Abma and Michiel Prins attempted to find security vulnerabilities in 100 prominent high-tech companies. They discovered flaws in all of the companies, including Facebook, Google, Apple, Microsoft, and Twitter. Dubbing their efforts the Hack 100, Abma and Prins contacted the at-risk firms. While many firms ignored their alert, COO of Facebook, Sheryl Sandberg, gave the warning to their head of product security, Alex Rice. Rice, Abma and Prins connected, and together with Merijn Terheggen founded HackerOne in 2012.[1] In November 2015, Terheggen stepped down from his role as CEO and was replaced by Marten Mickos.[3]

In November 2013, the company hosted a program encouraging the discovery and responsible disclosure of software bugs. Microsoft and Facebook funded the initiative, known as the Internet Bug Bounty project.[4] By June 2015, HackerOne's bug bounty platform had identified approximately 10,000 vulnerabilities and paid hackers over $1 million.[5] In September 2015, the company launched a Vulnerability Coordination Maturity Model, which then-policy chief Katie Moussouris described as “an important effort from HackerOne to codify some reasonable minimum standards on how organizations handle incoming, unsolicited vulnerability reports.”[2] In April 2017 the company announced 240% year-over-year customer growth in Europe, and the subsequent opening of additional European offices to serve increasing customer demand.[6]


HackerOne removes the administrative burden of coordinating bug bounty payment to hackers by the companies that choose to use them to discover vulnerabilities. Companies pay hackers through the platform as a reward for identifying bugs in their systems and products. The platform enables secure intelligence report sharing, payment and a reputation system for hackers.[4][7] In February 2018, it was reported that 12% of the platform's users make more than $20,000 annually finding system bugs.[8]

Major companies using the HackerOne platform as of this entry include Coinbase, Twitter, Slack, Adobe, Yahoo, LinkedIn, GitHub and Airbnb,[1] as well as Lufthansa,[9] Snapchat,[10] Qualcomm,[11] General Motors,[12] YouPorn,[13] Panasonic Avionics,[14] Shopify,[15] Uber,[16] Yelp[17] and Nintendo.[18] As of February 2017, HackerOne's network consisted of approximately 100,000 hackers and had paid $14 million in bounties.[2]


In May 2014, HackerOne received $9 million (USD) in Series A funding from venture capital firm Benchmark.[19][20] A $25 million Series B round was led by New Enterprise Associates.[21] Angel investors include Salesforce CEO Marc Benioff, Digital Sky Technologies founder Yuri Milner, Dropbox chief executive Drew Houston and Yelp CEO Jeremy Stoppelman.[5][22] A Series C round led by Dragoneer Investment Group netted $40 million in February, 2017 for a total of $74 million in investments to date.[23] In April 2017, European-based venture capital fund, EQT Ventures, invested in the $40 million Series C funding round.[6]

U.S. Department of Defense[edit]

In March 2016, the U.S. government launched Hack the Pentagon, using the HackerOne platform.[24][25] The 24-day program resulted in the discovery and repair of 138 vulnerabilities in Department of Defense (DoD) websites, with over $70,000 in bounties paid to hackers.[26]

In October of the same year, the DoD developed a Vulnerability Disclosure Policy (VDP), the first of its kind created for the U.S. government. The policy outlines the conditions under which hackers may legally explore front-facing programs for security vulnerabilities. The first use of the VDP launched as part of the Hack the Army initiative, which was also the first time this branch of the US military welcomed hackers to find and report security flaws in its systems.[27][28]

Hack the Army resulted in 118 valid vulnerability reports; 371 participants, including 25 government workers and 17 military personnel took part. Hackers reaped approximately $100,000 in bounties.[29] and the most trusted one


In February 2017, HackerOne sponsored an invitation-only hackathon, gathering security researchers from around the world to hack e-commerce sites AirBnB and Shopify for vulnerabilities.[30] This is the second such hackathon, with the company hosting one in Las Vegas in August 2016 during the Black Hat Security Conference.[31] In May, 2017 the firm will host a day-long live hacking event in Amsterdam, offering participants a chance to earn up to $150,000 in bounties.[6]


HackerOne is headquartered in San Francisco. The company maintains a development office in Groningen, Netherlands.[citation needed] The firm plans to open a UK-based office in Q1 of 2017.[32] In April 2017, they announced the addition of offices in the UK and Germany.[6]


  1. ^ a b c d "HackerOne connects hackers with companies and hopes for a win-win". The New York Times. June 7, 2015. Retrieved October 28, 2015. 
  2. ^ a b c Bradley, Tony. "HackerOne launches free Vulnerability Coordination Maturity Model tool". CSO Online. Retrieved 2017-03-15. 
  3. ^ "Serial CEO Marten MIckos takes the reins at HackerOne". Fortune. Retrieved 2017-03-15. 
  4. ^ "The Big Business of Smashing Bugs". Bloomberg.com. 2015-03-12. Retrieved 2017-03-15. 
  5. ^ a b "HackerOne, a computer bug bounty firm, raises $25 million in Series B". Fortune. Retrieved 2017-03-15. 
  6. ^ a b c d "HackerOne Strengthens Presence in Europe Amid Growing Demand for Hacker-Powered Security". BusinessWire. Retrieved April 10, 2017. 
  7. ^ Hill, Kashmir. "When It's A Good Idea To Invite An Army Of Hackers To Attack You". Forbes. Retrieved 2017-03-15. 
  8. ^ Novinson, Michael (2018-02-27). "The Bug Bounty Business: Who Are The Bounty Hunters?". CRN. Retrieved 2018-03-23. 
  9. ^ "Security is also the top priority for IT: Lufthansa Group launches bug bounty program". WebWire. Retrieved 2017-03-15. 
  10. ^ Osborne, Charlie. "A look at the top HackerOne bug bounties of 2016 | ZDNet". ZDNet. Retrieved 2017-03-15. 
  11. ^ "Qualcomm and HackerOne Partner on Bounty Program". Threatpost | The first stop for security news. 2016-11-18. Retrieved 2017-03-15. 
  12. ^ "GM teams with HackerOne on vulnerability submission program". SC Magazine US. 2016-01-08. Retrieved 2017-03-15. 
  13. ^ "YouPorn taps HackerOne to launch bug bounty program with rewards of up to $25,000". VentureBeat. Retrieved 2017-03-15. 
  14. ^ "Panasonic Avionics kicking off bug bounty program". SC Magazine US. 2016-08-03. Retrieved 2017-03-15. 
  15. ^ 126Kr. "Sharing the Philosophy Behind Shopify's Bug Bounty - 【126Kr】". 126kr.com. Retrieved 2017-03-15. 
  16. ^ Miller, Ron. "Uber launches bug bounty program that pays hackers to find security issues". TechCrunch. Retrieved 2017-03-15. 
  17. ^ Conger, Kate. "Yelp invites hackers to expose vulnerabilities through bug bounty program". TechCrunch. Retrieved 2017-03-15. 
  18. ^ "Nintendo offers $20,000 bounty for 3DS exploits". Ars Technica. Retrieved 2017-03-15. 
  19. ^ Miller, Ron. "HackerOne Get $9M In Series A Funding To Build Bug Tracking Bounty Programs". TechCrunch. Retrieved 2017-03-15. 
  20. ^ Vanian, Jonathan (2014-05-28). "HackerOne lands $9 million to aid in its bug-disclosure program". gigaom.com. Retrieved 2017-03-15. 
  21. ^ Osborne, Charlie. "HackerOne raises $25 million in vulnerability management push | ZDNet". ZDNet. Retrieved 2017-03-15. 
  22. ^ "HackerOne raises $25M to make the Internet safer via bug bounty programs". VentureBeat. Retrieved 2017-03-15. 
  23. ^ "HackerOne Raises $40 Million to Make the Internet Safer for Everyone". www.businesswire.com. Retrieved 2017-03-15. 
  24. ^ "DoD Invites Vetted Specialists to 'Hack' the Pentagon". U.S. DEPARTMENT OF DEFENSE. Retrieved 2017-03-15. 
  25. ^ "'Hack the Pentagon' Pilot Program Opens for Registration". U.S. DEPARTMENT OF DEFENSE. Retrieved 2017-03-15. 
  26. ^ Conger, Kate. "Department of Defense expanding Hack the Pentagon program". TechCrunch. Retrieved 2017-03-15. 
  27. ^ Osborne, Charlie. "DoD, HackerOne kick off Hack the Army bug bounty challenge | ZDNet". ZDNet. Retrieved 2017-03-15. 
  28. ^ "Army's first bug bounty uncovers entry point to sensitive DoD network". FederalNewsRadio.com. 2017-01-24. Retrieved 2017-03-15. 
  29. ^ "Hackers Found 118 Valid Vulnerabilities During Army Bug Bounty Program - Executive Gov". Executive Gov. Retrieved 2017-03-15. 
  30. ^ "'Ethical hackers' work with Airbnb, Shopify". SFGate. Retrieved 2017-03-15. 
  31. ^ HackerOne (2017-02-10), h1-702 Las Vegas Hackathon, retrieved 2017-03-15 
  32. ^ Burgess, Matt. "HackerOne is heading to the UK after raising £30m in series C funding". WIRED UK. Retrieved 2017-03-15. 

Further reading[edit]

External links[edit]