HackerOne Archives

Secretary of Defense Lloyd Austin. (Saul Loeb/AFP via Getty Images)

DOD expands vulnerability disclosure program, giving hackers more approved targets

The expansion comes as the DOD eyes broader changes for its Vulnerability Disclosure Program.

May 5, 2021 By Shannon Vavra

pwn2own Vancouver 2019 day 2 — Richard Zhu, center, and Amat Cama, standing to Zhu’s left, demonstrate their Firefox exploit at the Pwn2Own conference in March 2019 in Vancouver, British Columbia. (Pwn2Own)

HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual

The good thing about it was that it was big. The bad thing about it? That it was big.

Dec 14, 2020 By Tim Starks

TikTok unveils bug bounty program, scraps with US government in court over looming ban

The video-sharing app is expanding its existing vulnerability disclosure program.

Oct 15, 2020 By Tim Starks

Supreme Court. Photo: Richard Gillin/Flickr (CC BY SA 2.0)

Security researchers slam Voatz brief to the Supreme Court on anti-hacking law

Much is at stake when the Supreme Court considers the Computer Fraud and Abuse Act.

Sep 14, 2020 By Sean Lyngaas

Voatz app, mobile voting, elections, election security, blockchain, voatz hackerone — A sign of Voatz’s deteriorating relationship with HackerOne came last month when researchers noticed that Voatz had updated its policy on the HackerOne website, saying it couldn’t “guarantee safe harbor” for researchers accessing the company’s live election systems. (Scoop News Group)

Voatz urges Supreme Court to not protect ethical research from prosecution

The Boston-based company previously severed ties with a bug bounty platform over a discrepancy.

Sep 4, 2020 By Jeff Stone

Shopify bug bounty — Transparency is key for Shopify’s bug bounty program. (Getty Images)

What Shopify has learned from five years of bug bounty programs

In this op-ed, a senior security engineer for Shopify discusses what has made the company's bug bounty program so successful. (Hint: it's the not the payouts.)

May 5, 2020 By Pete Yaworski

HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers

It's the first program that has ever been kicked off the HackerOne platform, according to a HackerOne spokesperson.

Mar 30, 2020 By Sean Lyngaas

dod apache struts — (chucka_nc / flickr )

Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities

The bug bounty program, sponsored by U.S. Cyber Command, zeroed in on finding vulnerabilities external to the Department of Defense Information Network.

Oct 14, 2019 By Shannon Vavra

California’s new labor law is going to impact bug bounty companies. By how much is unknown.

Uber and Lyft aren't the only companies wrestling with California's new labor law.

Sep 26, 2019 By Jeff Stone

bug bounty pen testing — (Alexandre Dulaunoy / Wikicommons)

Why bug bounty firms want to be penetration testing companies

The bug bounty workforce isn't a large one -- so bug bounty companies are pivoting to a different model.

Apr 12, 2019 By Jeff Stone