An Attorney’s View of Vulnerability Disclosure

Vulnerability Disclosure Programs (VDPs) are not only being promoted by more and more organizations and officials, they’re an easy-to-implement yet critical part of any company’s security apparatus. But there are legal issues to consider, and we had a top cybersecurity attorney offering advice at the recent Security@ event.


https://www.hackerone.com/vulnerability-...disclosure

Bug Bounty or Bust! The Art of Triage

Tips on how to best set yourself up operationally to handle the loads of reports flying your way, as well as more in-depth tips on how to handle common scenarios on individual reports.


https://www.hackerone.com/company-news/b...art-triage

Double your signal, double your fun

Human-Augmented Signal improves the signal of programs as reports flagged with a high noise probability are reviewed by HackerOne security analysts. After our system utilizes various criteria to automatically classify all incoming reports, reports with potential noise are forwarded to HackerOne security analysts for review.



https://www.hackerone.com/company-news/d...e-your-fun

Breaking the Bank: Getting Financial Services Companies to Embrace Hacker-Powered Se

How the tide is shifting, and financial services firms are realizing that the economics of hacker-powered security outweigh the risks as presented at Security@ San Francisco.


https://www.hackerone.com/company-news/b...d-security

Hacker101: Free class for web security. Let’s break some stuff

Hacker101 is a free class for web security. Whether you're a programmer with an interest in bug bounties or a seasoned security professional, Hacker101 has something to teach you.


https://www.hackerone.com/ethical-hacker...some-stuff

Healthy programs make for happy hackers. Introducing response SLAs

How do you measure the success of your HackerOne program? What are the top things hackers look for from security teams? Ever wonder how your peers at other companies are doing against their key performance indicators?

To answer these questions and more, today we’re launching our new response service level agreement (SLA) features to make it easier for you to maintain a healthy, responsive program.


https://www.hackerone.com/ethical-hacker...ponse-slas

Updated Hacker Invitations: Hack more, hack better

Program invitations are getting better. Way better. Check out the new features to help you manage the invitations you receive on HackerOne.


https://www.hackerone.com/ethical-hacker...ack-better

U.S. Senate Hearing - Data Security and Bug Bounty Programs: Lessons Learned

HackerOne was invited to testify in front of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security. We are honored to join the Senate and leaders in our industry to discuss the role hackers can play in strengthening security.


https://www.hackerone.com/application-se...ns-learned

Q&A with Jane Frankland: GDPR, CISOs, and Women in Cybersecurity

Jane Frankland is an award-winning entrepreneur, speaker, and consultant in cybersecurity and entrepreneurism. For more than 20 years, Jane has been focused on cybersecurity, and has been actively involved in OWASP, CREST and the Cyber Essentials scheme. She a prolific author, having been featured in leading publications and appeared on iconic British media programmes. She has also just published a new book about women in security.


https://www.hackerone.com/security-compl...ersecurity

Google Play increases bounties and expands scope for Android apps

Google is announcing updates to the program, including expanded vulnerability criteria and increased payouts.


https://www.hackerone.com/ethical-hacker...droid-apps