HackerOne

In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.

At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap’s Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.

What are Hackbots and how are they impacting vulnerability discovery and the researcher community?

The new DORA regulation: everything your organization needs to know about its impact and how to comply.

The HackerOne Policy team analyzes cybersecurity and AI regulation in the U.S. under the incoming administration.

Applying human-in-the-loop principles creates application security controls loved by developers. See how.

HackerOne CEO Kara Sprague explores how the modern CISO can face mounting pressures in cybersecurity.

Let’s explore how human-in-the-loop AI can help implement successful secure-by-design.

Lightspark is excited to announce the launch of its public bug bounty program with HackerOne.

What is the Digital Millennium Copyright Act and what are the implications of its recent ruling for AI researchers?

Why ROI is not the most effective method to quantify cybersecurity investments — and how ROM can help.

The new OWASP Top 10 for LLMs is here. How has it changed, and how can organizations prevent GenAI risks?

Learn about the different types of insecure design vulnerabilities and how to identify them.

What does New York’s new AI Cybersecurity Guidance mean for financial institutions and other regulated companies?

Learn the testing methodologies and security best practices for Azure Cloud Configuration Review.

This Shopify privilege escalation vulnerability could have resulted in the creation of unrestricted admin accounts.

What makes securing crypto and blockchain organizations so different than other industries? Let’s look at the data.

Wells Fargo announces its public bug bounty program after several years of engaging the HackerOne community.

Learn how Deribit uses its HackerOne bug bounty program for its proactive security strategy.

The U.S. government has embraced HackerOne’s recommendations for the new federal AI procurements guidance.

Hai, HackerOne’s AI copilot has 3 new capabilities: Hai analytics, contextual conversations, and an enhanced user experience.

Is your organization ready for a bug bounty program? These 5 questions will help assess your security program’s bug bounty readiness.

Security leaders at REI, AS Watson, and Mercado Libre explain why retail and e-commerce organizations trust security researchers.

Learn about the new NIS2 Directive requirements and how to achieve compliance through pentesting, VDP, and bug bounty.

Read the top 5 learnings attendees gained by joining one of our Security@ 2024 World Tour events.