Your TL;DR Summary of The CERT Guide to Coordinated Vulnerability Disclosure

The CERT Coordination Center at Carnegie Mellon University’s Software Engineering Institute (SEI) recently released The CERT Guide to Coordinated Vulnerability Disclosure. It is an amazingly detailed, clever, and complete guide to explaining the need for coordinated vulnerability disclosure (CVD). We've done our best to give you the cliff notes and even included some additional helpful resources at the end.


https://www.hackerone.com/vulnerability-...disclosure

XOXO: We Love Coinbase for Loving Bug Bounties

Coinbase just professed their love for bug bounty programs, and it kind of makes us blush. Read all about their program’s evolution and how they’ve paid out more than $175,000 in bounties over the past 5 years.


https://www.hackerone.com/vulnerability-...g-bounties

HackerOne CEO joins Node.js Foundation Board

HackerOne has joined the Node.js Foundation as a member and CEO Marten Mickos has joined its board. Node.js Foundation sat down with Marten to learn more about his vision, mission and why he’s passionate about Node.js and the open source community.


https://www.hackerone.com/company-news/h...tion-board

Hacker-Powered Pen Tests and The Power of More

Traditional pen tests can be expensive, especially those that produce low-hanging fruit results. And even more painful when you pay the same price tag for the low-value pen test report as the report revealing multiple critical vulnerabilities. With hacker-powered penetration testing, on the other hand you tap into more of the best talent, without a huge initial price tag.


https://www.hackerone.com/penetration-te...power-more

Hack The Pentagon Turns One on HackerOne

Great news for U.S. citizens! Over 3,000 valid security vulnerabilities have been resolved with the U.S. Department of Defense’s “Hack the Pentagon” hacker-powered security program.


https://www.hackerone.com/ethical-hacker...-hackerone

Hack your way to NYC this December for h1-212

Want to win an all expenses paid trip to New York City to hack against HackerOne 1337 and a chance to earn up to $100,000 in bounties? The h1-212 CTF is here!


https://www.hackerone.com/ethical-hacker...ber-h1-212

H1-212 CTF results

Thanks to all of you who participated in our first ever h1-212 CTF! We had a lot of fun building it and it looks like many of you had a great time participating.


https://www.hackerone.com/ethical-hacker...tf-results

The Voices of Vulnerability Disclosure: Look Who’s Talking About VDPs

The attention being given to vulnerability disclosure policies (VDP) in the past year has increased dramatically. It might be the latest high-profile breach that sparks a comment, but more and more, it’s the attitude that VDPs aren’t just nice-to-haves, they’re critical tools for every cyber security team.


https://www.hackerone.com/vulnerability-...about-vdps

Breach Basics: Preparation for the Inevitable

Data breaches in information security have become an inescapable reality. A common inquiry we receive here at HackerOne is for guidance on how to most effectively respond to one of these unfortunate incidents. There are no easy answers. Our hope is the following guidance can serve as recommendations for any victim of a breach.


https://www.hackerone.com/company-news/b...inevitable

The ICO’s 12-Step Guide to GDPR Compliance

The United Kingdom’s Information Commissioner’s Office suggested “12 steps to take now” to get ahead of GDPR’s impact on your operations and processes. We’ve put together a quick recap available on our resources page.


https://www.hackerone.com/vulnerability-...compliance