Introducing Indian Rupee payments: Cheaper and faster bank transfers

We’re proud to announce that HackerOne now supports payments in Indian Rupees. The addition of Indian Rupees means we can now eliminate the roughly 5% conversion fee per bounty by using the “mid-market rate” to convert your bounties directly to Indian Rupees before sending them to your bank account.


https://www.hackerone.com/ethical-hacker...-transfers

Hyatt Launches Public Bug Bounty Program: Q&A with CISO Benjamin Vaughn

Today, Hyatt is launching its first public bug bounty program at HackerOne. To learn more about Hyatt’s program, their commitment to security and the hacker community, we sat down with Chief Information Security Officer Benjamin Vaughn.


https://www.hackerone.com/application-se...min-vaughn

Your First 90 Days as Security Lead, Part 2: Developing a Plan and Getting to Work

You’ve just been named the new security lead for your organization. You probably have many projects swirling through your mind, like addressing a critical issue, benchmarking your organization against peers, or developing a broad plan. This two-part blog series details best practices for developing your program and the key steps to take during the first three months in your new role.


https://www.hackerone.com/vulnerability-...tting-work

5 Tips for an Effective AppSec Testing Strategy

Applications have become the lifeblood of businesses in today’s connected world. Software is now the “front door” into your business for many people around the world. Caution is required, though. Applications exposed to the internet are also exposed to shady characters out to exploit your systems for their benefit, often at the expense of your customers and your business. This blog shares 5 tips for an effective application security testing strategy.


https://www.hackerone.com/application-se...g-strategy

Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities

Just shy of their third anniversary of bug bounties, web-based communication, collaboration and office productivity software company Open-Xchange (OX) is sharing the results of their program to-date. OX has seen nearly 250 valid vulnerabilities reported through the program and paid out over $80,000. Looking back, Security Officer Martin Heiland says bugs surfaced on HackerOne have cost about a tenth of what traditional pen testing has surfaced over the years.


https://www.hackerone.com/vulnerability-...rabilities

Riot Games Surpasses 1,000 Valid Reports: Q&A

At the end of 2018, Riot Games surpassed one of the biggest milestones of its bug bounty program to-date: 1,000 valid vulnerabilities reported to the program. Today, the League of Legends maker celebrates 1,000 issues fixed and 1,000 opportunities to better protect their over 80 million players worldwide. We connected with Riot Games Security Engineer Diarmaid McManus to learn more about what the milestone means to him and the team, as well as the greater impact HackerOne’s community has had on their security practice.


https://www.hackerone.com/vulnerability-...reports-qa

EU-FOSSA 2 Open Source Bug Bounty Programme Series | Q&A

Following the success of the European Commission’s pilot bug bounty programme with HackerOne last year, they are announcing the launch of a new bug bounty initiative involving open source software on a much larger scale. This bug bounty programme run by the EU-Free and Open Source Software Auditing (EU-FOSSA 2) project, aims to help EU institutions better protect their critical software. We recently chatted separately with Marek Przybyszewski and Saranjit Arora who are leading the EU-FOSSA 2 project.


https://www.hackerone.com/company-news/e...-series-qa

Launching the Hacker Calendar, Never Miss a Challenge Again

Hacker Calendar is a small but useful feature to track important dates and events via your calendar app. You can easily see all running challenges that you're part of and know their respective start and end dates.


https://www.hackerone.com/ethical-hacker...enge-again

Introducing My Programs

We’re proud to announce the release of My Programs, the next iteration of Hacker Dashboard. My Programs is a completely new page in the dashboard that replaces the old “accepted invitations” page. In addition to the accepted invitations, My Programs now lists all public programs you have previously submitted a report to.


https://www.hackerone.com/ethical-hacker...y-programs

Alibaba and HackerOne Join Forces in Global Vulnerability Testing Program

Alibaba, one of the world’s largest Internet companies is joining HackerOne to tap into the technical expertise of the world’s best cybersecurity experts to implement a global vulnerability disclosure program (VDP) to help boost security and better protect customers, transactions, and the Alibaba ecosystem. Today, Alibaba has announced that all participating cybersecurity researchers who submit valid vulnerabilities will receive a limited production physical challenge coin issued by Alibaba and HackerOne — a “metal medal of honor” – to recognize their contributions. The coin is awarded in addition to the incentives researchers receive as active members of the HackerOne community.


https://www.hackerone.com/vulnerability-...ng-program