Harnessing the Working Genius for Team Success
Employees at HackerOne utilize the Working Genius model, which provides individuals and teams with a straightforward, practical, and effective framework for leveraging each other’s natural…
Category: Mix
Hack My Career: Saskia Braucher
When Saskia joined the tech world, she didn’t follow the conventional path of computer science degrees or coding boot camps. Instead, her journey was shaped…
New Guidance for Federal AI Procurement Embraces Red Teaming and Other HackerOne Suggestions
Earlier this year, the Office of Management and Budget (OMB), which establishes budget rules for federal agencies, issued a memorandum on Advancing the Responsible Acquisition of…
Six Years of Proactive Defense: Deribit’s Journey with HackerOne
Q: Why did Deribit launch a bug bounty program? A: I like to view security as an onion where each additional layer provides additional protection…
Introducing the Wells Fargo Public Bug Bounty Program
Since then, we’ve grown the program, collaborated with HackerOne, and built partnerships within the bug bounty community. The valuable insights we’ve gained from security researchers…
How Crypto and Blockchain Organizations Manage Complex Attack Surfaces With Competitive Security Testing Programs
There are three factors that differentiate crypto and blockchain organizations from other industries; their attack surfaces, their most common vulnerabilities, and the amount they spend…
How a Privilege Escalation Led to Unrestricted Admin Account Creation in Shopify
In a privilege escalation attack, an attacker gains elevated rights, permissions, or entitlements beyond the intended level associated with their identity, account, or device. Systems…
New York Releases AI Cybersecurity Guidance: What You Need to Know
AI adoption is accelerating in the financial services industry, both as an asset for improving business operations and as a potential tool to defend against…
The OWASP Top 10 for LLMs 2025: How GenAI Risks Are Evolving
Here is HackerOne’s perspective on the Top 10 list for LLM vulnerabilities, how the list has changed, and what solutions can help secure against these…
ROI Isn’t Cutting It: 6 Questions to Help CISOs Better Quantify Security Investments
However, in cybersecurity, quantifying net profit becomes significantly more complex due to the intangible nature of its benefits and the absence of direct revenue generation.…
Introducing Lightspark’s Public Bug Bounty Program
Expanding Our Bug Bounty Program At Lightspark, we’ve always been focused on security that meets and exceeds industry standards. We’ve been partnering with HackerOne, the global…
Resurrecting Shift-Left With Human-in-the-loop AI
What’s Needed for Secure by Design Success We spent years understanding the culprits of why “shift-left” controls fail to identify the principles needed for them…