Bug Bounty

Bug bounty best practices, guides and user stories you should consider as you plan for, launch or evolve a continuous security testing program.

  • Bug Bounty Solution Brief 2023

    Bug Bounty Solution Brief 2023

    HackerOne Bug Bounty helps minimize your threat exposure by leveraging a legion of ethical hackers to provide preemptive and continuous oversight for your expanding digital landscape.

    Read More
  • How Ethical Hackers Are Helping Security Leaders Navigate the Budget Crunch

    How Ethical Hackers Are Helping Security Leaders Navigate the Budget Crunch

    Over the course of a few weeks, we had conversations with 50+ CISOs and security leaders from a wide range of industries, organization sizes, and geographic locations to find out how they balance...

    Read Article

  • Watch our newest Bug Bounty video & sign up for a free demo.

    Get Started
  • eBook: Executive Guide to Human Security Testing

    eBook: Executive Guide to Human Security Testing

    Read More
  • Beyond a VDP: How a Challenge Brings Proactive Security to Your Agency

    Beyond a VDP: How a Challenge Brings Proactive Security to Your Agency

    Vulnerability Disclosure Programs create an effective means for researchers and other users to report discovered vulnerabilities and weaknesses. Because federal agencies have a significant impact...

    Read Article
  • Introducing Program Levels: Hacker-friendly Practices that Improve Program Results

    Introducing Program Levels: Hacker-friendly Practices that Improve Program Results

    One of the most important lessons we have learned is that organizations with the most successful bug bounty and Vulnerability Disclosure Programs are good partners with the hacker community. When...

    Read Article

  • Explore our catalog of on-demand video content.

    View All Videos
  • How OneWeb is Safeguarding its Assets with the Hacker Community

    How OneWeb is Safeguarding its Assets with the Hacker Community

    We recently sat down with Wendy Ng, Principal Cloud Security Architect at OneWeb, to talk about their experience with their private HackerOne bug bounty program. Wendy shared OneWeb’s approach to...

    Read Article
  • Ambassador Spotlight: Encryptsaan123

    Ambassador Spotlight: Encryptsaan123

    What made you want to become an ambassador?  There are several reasons why I decided to become an ambassador at HackerOne. Firstly, I am passionate about ethical hacking and bug bounty. Being an...

    Read Article
  • TikTok Celebrates Two Years of Bug Bounty

    TikTok Celebrates Two Years of Bug Bounty

    In the last two years of their bug bounty program, the hacker community has helped TikTok identify and disclose 450 vulnerabilities in their public-facing assets. In response, TikTok has awarded...

    Read Article
  • Rise of Internet Bug Bounty

    Rise of Internet Bug Bounty

    Are you a veteran hacker, someone who loves code review, or looking to get your first CVE? Then, I have something to share with you. Let's talk about the Internet Bug Bounty (IBB).  Wide Open...

    Read Article
  • PayPal's Third LHE Brings Top Global Hackers to the Virtual Stage

    PayPal's Third LHE Brings Top Global Hackers to the Virtual Stage

    PayPal has been partnering with the hacker community since launching a bug bounty program in 2012 and in April 2022, they returned for their third live hacking event. As usual, PayPal showed up...

    Read Article
  • How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours

    How Bug Bounty Uncovered A 5-Year-Old Vulnerability In Hours

    When PullRequest was acquired, these concerns became HackerOne’s challenges. When we finalized the acquisition, we immediately added PullRequest’s assets to the scope of HackerOne’s own bug bounty...

    Read Article
  • Bug Bounty Readiness Assessment Questionairre

    Bug Bounty Readiness Assessment Questionairre

    Read More
  • Bug Bounty vs. VDP | Which Program Is Right for You?

    Bug Bounty vs. VDP | Which Program Is Right for You?

    What Are the Key Differences Between Bug Bounty and VDPs? A VDP is a structured method for third parties, researchers, and ethical hackers to report vulnerabilities easily.  A bug bounty is a...

    Read Article
  • 5 Articles to Get You Up-to-Speed on Bug Bounty Programs

    5 Articles to Get You Up-to-Speed on Bug Bounty Programs

    This article shares five valuable resources about bug bounty programs, why they are useful, how to implement them, and how they can improve your organization’s security and...

    Read Article
  • Snap & AWS Case Study

    Snap & AWS Case Study

    Learn how Snap engages with AWS and HackerOne to help them ensure their products are secure, be prepared to address ever-changing risks, and continue to scale with confidence.

    Read More
  • Hacker-Powered Security Report: Industry Insights

    Hacker-Powered Security Report: Industry Insights

    Read More
  • Reddit's Bug Bounty Program Kicks Off: Q&A with Reddit's Allison Miller and Spencer Koch, and Top Program Hacker @RENEKROKA

    Reddit's Bug Bounty Program Kicks Off: Q&A with Reddit's Allison Miller and Spencer Koch, and Top Program Hacker @RENEKROKA

    After three years running a successful private bug bounty program on HackerOne, Reddit has announced that it’s taking their bug bounty program public. We sat down with Reddit’s CISO and VP of...

    Read Article
  • Hacker-Powered Security Helps Mercado Libre Scale And Deliver

    Hacker-Powered Security Helps Mercado Libre Scale And Deliver

    Read More
  • A Mobile Bank’s Bug Bounty Story

    A Mobile Bank’s Bug Bounty Story

    Read More
  • The Beginners’ Guide to Bug Bounty Programs

    The Beginners’ Guide to Bug Bounty Programs

    Read More
  • Loading More...
See more