When I joined HackerOne last year, the energy of the hacker community drew me to this group. And as Chief Hacking Officer, I see the impact this community makes every day. Together, we’ve identified nearly 300,000 vulnerabilities through our programs — 300,000 fewer ways cybercriminals can harm society. That’s why I am here to say thank you on behalf of our customers and everyone at HackerOne.
The community will always be the epicenter of HackerOne’s platform and business. We want to remain a place where new hackers can join and nurture the same passion that drives HackerOne’s mission to build a safer internet.
Our platform has adapted as we’ve grown, working through the complexities of intermediating between global organizations and the hacker community; this can sometimes result in conflicts. I’m the first to admit we’re not perfect, and we’re trying our best to listen to the community’s feedback as we grow. We want to address frustrations – from product features to program behavior.
It’s our responsibility to guide and guardrail our customers to build better program experiences for hackers. After all, when the community is happy, HackerOne customers receive better security. That’s why we’ve dedicated time this year to ensuring product updates and platform features squash the issues that frustrate hackers.
First, we’re working to build an overall better hacker experience on our platform, so hackers can earn more and find more suitable opportunities for their skill sets. Most recently, we’ve:
- Consolidated the hacker dashboard to simplify navigation for hackers on the platform.
- Built a more dynamic leaderboard for Live Hacking Events to streamline checking overall event and individual performance stats.
- Improved our report writing suite through drag-and-drop features, draft creation, and management and collaboration tools.
- Launched an update to our machine-learning (ML) invitation system to select programs for hackers based upon a complex set of criteria, and make sure we offer the best opportunities to hackers and the best engagement to customers.
- Refined how hackers can filter and sort program invitations on the “My Programs” page to simplify how hackers identify their best opportunities for rewards.
- Added a European HackerOne Gateway (VPN) instance to expand and speed up access to managed resources for our EMEA hackers.
- Recruited Hacker Success Managers (HSMs) to build our internal hacker advocacy and nurture skills development for the community. We will share more details about our HSMs soon and plan to continue to recruit more to support the community further.
Second, we’ve made dedicated feature improvements and launched new products that offer more ways for hackers to earn monetary rewards and make program work easier:
- We increased retesting windows across our products from 24 to 72 hours to give hackers more time to respond during engagements.
- We launched HackerOne Assets, which will offer new ways for hackers to earn money on our platform by leveraging their reconnaissance skills to identify security gaps.
- We made recent updates to our HackerOne Pentest experience, including adjusting how informative bugs found during pentests impact reputation points and signal. Soon, we’re launching a Pentester Availability Calendar for easier coordination during engagements and improving Pentester Charges (previously rewards).
- We launched Campaigns to simplify how customers increase bounties for hackers on programs.
Finally, and most critically, we continue to examine how to refine our mediation process and incentivize customers to improve their program policies and behavior:
- We’re launching a new program update this month to encourage customers to implement standards and best practices that improve the hacker experience on programs.
- We will share more about our triage and mediation process this month, together with a closer look at our longstanding Make It Right Fund, which HackerOne uses to pay out hackers when we determine that an organization has received value but did not reward it. Of course, it’s better to course-correct through program education about industry best practices, so I will be documenting some case studies where mediation and the office of the Chief Hacking Officer have stepped in to correct an outcome.
We’re committed to using our learnings productively and better defining baseline program behavior requirements across our platform. While this is just the beginning, I hope it excites you to know that we’re working to create more and better opportunities for you, the hacker community. We appreciate everything you do for our customers and us. Together, we hit harder!
On behalf of HackerOne,
Chief Hacking Officer and CISO
Author: Chris Evans
Date: 2022-10-11 11:00:00