HackerOne Raises $40 Million to Make the Internet Safer for Everyone

Discussion in 'HardForum Tech News' started by Zarathustra[H], Feb 8, 2017.

  1. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    HackerOne, a security vulnerability disclosure and bug bounty platform, has announced that they have raised $40 million in new funding in a series C investment round led by Dragoneer Investment Group. The company seeks to strengthen its already strong position as an independent bug bounty service, to make bug bounty programs available to organizations which may not be large enough to establish their own.

    This sounds like a good venture to me. Anything that can get more eyeballs on security problems and fix them before they are exploited in the wild benefits all of us.

    “The best thing we ever did for security was start a bug bounty program.”

    These are the words Sheryl Sandberg spoke as she discussed the success of the program Alex Rice had established at Facebook in 2012. Shortly after, Alex joined forces with hackers from Holland, and HackerOne was founded to make the best practices of bug bounty programs available and affordable for all.
     
  2. krotch

    krotch [H]ardness Supreme

    So bug hunters for hire? Or are they trying to do something like the bigger companies that say "If you find a bug, you can get X amount of cash for each bug?" kind of thing. The former makes sense from a business standpoint. The latter, not so much. Unless they're a non-profit organization.
     
  3. TwistedAegis

    TwistedAegis [H]ardForum Junkie

    It's the latter. HackerOne isn't actually paying out the bounties, they're providing a platform for smaller companies to be able to offer similar programs, albeit smaller bounties. Company X pays HackerOne, white hat finds a bug, reports it via platform, Company X validates and releases funds to white hat via HackerOne.
     
  4. krotch

    krotch [H]ardness Supreme

    Ah, okay. That makes sense. So Company X doesn't need to set up a website and hire personnel to maintain their own bug finding reward service. Thanks for that info.