HackerOne

The HackerOne Blog

  • HackerOne Company Values Matter: Respect All People

    HackerOne Company Values Matter: Respect All People

    At HackerOne, our company values - Default to Disclosure, Respect All People, Win as a Team, Lead with Integrity, and Execute with Excellence - reflect our beliefs, priorities, and...

    Read Article
  • Re-live the Security@ magic in our on-demand video library!

    Take me there!
  • Recap: Experts Break Down AI Red Teaming in a Live Q&A

    Recap: Experts Break Down AI Red Teaming in a Live Q&A

    The participants answered live as well as carefully curated questions from popular community platforms such as Quora, Reddit, LinkedIn, and Zoom. Below is a quick look into the question...

    Read Article
  • Vulnerability Disclosure Policy Requirements for UK Smart Products

    Vulnerability Disclosure Policy Requirements for UK Smart Products

    New security regulations for connected devices and related guidance enter into force in the United Kingdom at the end of April. The UK Product Security and Telecommunications Infrastructure (PSTI)...

    Read Article
  • How an Information Disclosure Vulnerability Led to Critical Data Exposure

    How an Information Disclosure Vulnerability Led to Critical Data Exposure

    HackerOne’s 7th Annual Hacker-Powered Security Report states that information disclosure is the third most common vulnerability reported in both bug bounty and pentest. It makes up 11% of all...

    Read Article
  • Reversing The Trend: Support and Mediation Win as a Team

    Reversing The Trend: Support and Mediation Win as a Team

    It was a daunting task, especially considering the target was hovering around 52% at the time. But as the team responsible for supporting our customer and hacker community, they knew it was a...

    Read Article
  • Decoding the Characteristics of Modern Pentesting: Effectiveness

    Decoding the Characteristics of Modern Pentesting: Effectiveness

    Quality/Effectiveness: Effectiveness measures the method's ability to provide reliable and accurate vulnerability detections, comprehensive system coverage, compliance with standards, and a...

    Read Article
  • Degrees of Innovation: HackerOne’s Next Step in Inclusive Hiring

    Degrees of Innovation: HackerOne’s Next Step in Inclusive Hiring

    To reflect this, we're changing our hiring practices – we no longer require a bachelor's degree on most job descriptions. Instead, we're focusing on a skill-based hiring experience.Why are we...

    Read Article
  • HackerOne’s In-Depth Approach to Vulnerability Triage and Validation

    HackerOne’s In-Depth Approach to Vulnerability Triage and Validation

    Like triaging in a hospital emergency room, security issues must be diagnosed and handled by an expert as soon as they arrive. But it doesn’t stop there. Just as an ER needs good doctors, a triage...

    Read Article
  • AI Safety vs. AI Security

    AI Safety vs. AI Security

    What Is the Difference Between Red Teaming For AI Safety and AI Security?AI red teaming is a form of AI testing to find flaws and vulnerabilities, and the method can be used for both AI safety and...

    Read Article
  • Shift Left is Dead: A Post Mortem

    Shift Left is Dead: A Post Mortem

    The goal of shift left — to catch vulnerabilities early in the software development lifecycle (SDLC) — is sound and critically important. But, when it comes to results, the overwhelming majority...

    Read Article
  • NCSC Recognises The Work Of Ethical Hackers With An Appreciation Event

    NCSC Recognises The Work Of Ethical Hackers With An Appreciation Event

    The NCSC’s VRS JourneySince 2018, 844 hackers have submitted vulnerabilities to the NCSC’s VRS. The NCSC invited a selection of those hackers who have shown themselves to be exemplars of...

    Read Article
  • The White House Should Prioritize Cybersecurity in its Budget

    The White House Should Prioritize Cybersecurity in its Budget

    Recommendations for the FY2025 President’s BudgetAlthough there has been a consistent increase in cybersecurity funding across civilian agencies, the government is far from finished when it comes...

    Read Article
  • Hai: The AI Assistant for Vulnerability Intelligence

    Hai: The AI Assistant for Vulnerability Intelligence

    This week, we have officially launched the beta version of our GenAI co-pilot, Hai. Hai introduces GenAI capabilities into the HackerOne Platform. With deep security knowledge and strong reasoning...

    Read Article
  • Snap's Safety Efforts With AI Red Teaming From HackerOne

    Snap's Safety Efforts With AI Red Teaming From HackerOne

    Explaining The Difference Between Red Teaming For AI Safety and AI SecurityAI red teaming for safety issues focuses on preventing AI systems from generating harmful content, such as providing...

    Read Article
  • The Risk of AI Voice Cloning: Q&A With an AI Hacker

    The Risk of AI Voice Cloning: Q&A With an AI Hacker

    Q: What Is AI Voice Cloning?A: AI is voice cloning technology that allows anyone to take a little bit of audio — it could be less than 30 seconds — and totally recreate the voice in that audio,...

    Read Article
  • Decoding the Characteristics of Modern Pentesting: Speed

    Decoding the Characteristics of Modern Pentesting: Speed

    In evaluating the myriad of security testing methodologies available, we consider them against three pivotal metrics to ascertain their overall efficacy and alignment with organizational...

    Read Article
  • How an Improper Access Control Vulnerability Led to Account Theft in One Click

    How an Improper Access Control Vulnerability Led to Account Theft in One Click

    HackerOne’s 7th Annual Hacker Powered Security Report states that improper access control is the second most common vulnerability reported in a bug bounty and number four reported in a pentest. It...

    Read Article
  • How to Use AI Prompting for Security Vulnerabilities

    How to Use AI Prompting for Security Vulnerabilities

    What Is an AI Prompt?A prompt is an instruction given to an LLM to retrieve desired information to have it perform a desired task. There are so many things that we can do with LLMs and so much...

    Read Article
  • Recap: Elite Pentesters Tell All in a Live Q&A

    Recap: Elite Pentesters Tell All in a Live Q&A

    The participants answered live as well as carefully curated questions from popular community platforms such as Quora, Reddit, and LinkedIn. Below is a quick look into the question...

    Read Article
  • How to Find Mistakes Earlier and Save Money With Code Security Audit

    How to Find Mistakes Earlier and Save Money With Code Security Audit

    As a result, it’s only natural that code gets shipped with security flaws. Thankfully, many organizations have solutions in place to catch security vulnerabilities after code is shipped, like...

    Read Article
  • loading
    Loading More...