The Rise of Misconfiguration and Supply Chain Vulnerabilities

The vulnerability of supply chains has been top of mind since the SolarWinds attack, which still dominates headlines, but last week's Singtel breach also reflects the rise of breaches triggered by misconfiguration vulnerabilities.


https://www.hackerone.com/vulnerability-...rabilities

PayPal is our Virtual Pal

HackerOne's second virtual live hacking event with event partners, PayPal to share experiences from the event.


https://www.hackerone.com/vulnerability-...irtual-pal

5 Secrets of a Mature Vulnerability Management Program from Costa Coffee and Priceli

During HackerOne's recent series of webinars, we caught up with Matt Southworth, CISO of Priceline, and Matt Adams, Global Security Architect at Costa Coffee, to learn their 5 secrets to building a highly effective vulnerability management program.


https://www.hackerone.com/vulnerability-...nt-program

DevSecOps: Bridging the Gap Between Security and Development

Organizations that rely on developing secure, functional products understand the value of increased collaboration between security and development teams.

Tighter partnerships between the two teams can allow organizations to deliver better, safer products faster, but how can this work in the real world?
 

https://www.hackerone.com/security-event...evelopment

GitLab’s Public Bug Bounty Program Kicks Off: Q&A with GitLab’s Kathy Wang & Jam

Today, GitLab is launching their first public bug bounty program. After running a private bug bounty program and public vulnerability disclosure program (VDP) on HackerOne for over a year, the company resolved nearly 250 vulnerabilities thanks to the over 100 participating hackers. We sat down with GitLab's Director of Security Kathy Wang and Senior Application Security Engineer James Ritchey to dive into the evolution of GitLab's program over time, their decision to go public with their program, and how leveraging HackerOne's community has helped to find and fix security issues quickly.


https://www.hackerone.com/vulnerability-...wang-james

Your First 90 Days as Security Lead, Part 1: Building Your Security Foundation

You’ve just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.



https://www.hackerone.com/vulnerability-...foundation

Launching the Hacker Calendar, Never Miss a Challenge Again

Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. You can easily see all running challenges that you're part of and know their respective start and end dates.



https://www.hackerone.com/ethical-hacker...enge-again

Hackers have earned more than $50M in bug bounty cash on HackerOne: Time to celebrat

Hackers, congratulate yourselves on an incredible milestone, earning $50M+ for your contributions to a safer internet. HackerOne’s mission is to empower the world to build a safer internet, and you are the heroic individuals making that mission a day-to-day reality. Thank you for inspiring us with your creativity and talents. Keep pursuing the flags, squashing the bugs, and sharing the knowledge. Together. We. Hit. Harder. Happy hacking one and all!



https://www.hackerone.com/ethical-hacker...-celebrate

Cloud Security Alliance Webinar Recap: Avoid the Breach with Shopify’s Andrew Dunb

Security is a top priority for e-commerce giant Shopify, with over 600,000 businesses in 175 countries trusting them to sell online and everywhere in the world. Shopify's Vice President of Security Engineering and IT, Andrew Dunbar and HackerOne’s Luke Tucker discuss best practices for testing and securing cloud-based web applications.


https://www.hackerone.com/application-se...rew-dunbar

Hacker-Powered Data - Security Weaknesses and Embracing Risk with HackerOne

Vulnerabilities are a fact of life; risk comes with it. Today, companies, enterprises, & governments are embracing collaboration with hackers to find vulnerabilities before criminals have a chance to exploit them. Using 7 years of data from 1,400 bug bounty programs & 360,000+ valid vulnerabilities, this post offers a new analysis of the most common vulnerabilities not found on the OWASP top 10.


https://www.hackerone.com/application-se...-hackerone