Bug Bounty Field Manual: The Definitive Guide for Planning, Launching, and Operating

Writing the Bug Bounty Field Manual was a herculean task. Just ask Adam Bacchus, the distinguished author of this manual. But as he’ll tell you, it was also an incredibly enjoyable piece to write.


https://www.hackerone.com/application-se...-operating

Tapping Hackers for Continuous Security

Last week, I attended the FinDEVr conference in New York City. The 2-day conference is focused on the technology aspect of fintech. Attendees ranged from financial institutions to data analytics startups coming from places like Canada, the U.K, and all across the U.S. At the conference, I gave a talk titled “Tapping Hackers for Continuous Security”. Here’s a recap of the topics I addressed.


https://www.hackerone.com/events/tapping...s-security

Bug fixes just got a little easier; HackerOne introduces bi-directional JIRA integra

It’s now possible to view updates on JIRA issues right inside your HackerOne Reports. The two-way integration means that whenever a JIRA issue changes state, an internal comment is posted on the appropriate HackerOne Report. No more going back and forth between JIRA and HackerOne!



https://www.hackerone.com/application-se...ional-jira

More Hardware, More Problems

Bounties are for hardware, too. Microwaves notwithstanding, there is an increasing amount of connected technology in our homes, cars, and workplaces. Unfortunately, each of them comes with more and more potential vulnerabilities.


https://www.hackerone.com/vulnerability-...e-problems

Zero Daily Newsletter: Fun, yet informative, AppSec, bug bounty, and hacker news

Read the news every day, and check the usual websites? Want to get your industry news and have a little humor dashed in? With Zero Daily you can have your cake and eat it too: we include links and brief sound bites on some of the top news in application security, bug bounty, and hacker topics but with a fun and non-markety flair.


https://www.hackerone.com/ethical-hacker...acker-news

Announcing the Largest DoD Bug Bounty Challenge Ever: Hack the Air Force

The Air Force is asking hackers to take their best shot following the success of Hack the Pentagon and Hack the Army bug bounty challenges.


https://www.hackerone.com/ethical-hacker...-air-force

HackerOne and JIRA integration update: more improvements, fewer clicks

More good news around making simple cross-platform tasks even easier - specifically, we’ve got three updates that improve ease-of-use and two-way integration: HackerOne for JIRA via the Atlassian Marketplace, One-click JIRA issue creation in HackerOne, and stronger two-way communication.


https://www.hackerone.com/company-news/h...wer-clicks

Ethical considerations of access to the HackerOne community

We believe every organization that creates connected technology needs a Vulnerability Disclosure Policy. This rings especially true wherever a security incident would place the safety of others in jeopardy.


https://www.hackerone.com/ethical-hacker...-community

Bug Bounty Programs — Why Should I Care?

Every digital company has software vulnerabilities, and they get terribly expensive in case of a breach. Traditional methods of finding vulnerabilities are slow and costly. Bug bounty programs find vulnerabilities quickly, broadly and deeply thanks to clever testing from the outside by a large community of security researchers and ethical hackers.


https://www.hackerone.com/application-se...uld-i-care

HackerOne’s Approach to Triage

Triage is critical to any vulnerability disclosure process or bug bounty program. Similar to triaging in a hospital emergency room, it’s crucial that issues are diagnosed as soon as they arrive.


https://www.hackerone.com/security-compl...ach-triage