Building a Safer Internet with HackerOne

by | Fri 8 Jul 2016

Recently I started doing some work with HackerOne and I thought many of you would find it interesting enough for me to share.

A while back my friend Mårten Mickos joined HackerOne as CEO. Around that time we had lunch and he shared with me more about the company. Mårten has an impressive track record, and I could see why he was so passionate about his new gig.

The idea is pretty neat: HackerOne provides a service where companies (e.g. Uber, Slack, General Motors etc, and even The Pentagon) can provide a bug bounty program that invites hackers to find security flaws in their products and services. The company specifies the scope of the program (e.g. which properties/apps), and hackers are encouraged to find and submit vulnerability reports. When a report is approved, the hacker is often issued a payment.

HackerOne is interesting for a few reasons. Firstly, it is helping to build a safer and more secure world. As we have seen in open source, crowdfunding, and crowdsourcing, a productive and enabled community can deliver great results and expand the scope of operations far beyond that of a single organization. This is such a logical fit when it comes to security as the potential attack surface is growing larger and larger every day as more of our lives move into a digital realm.

What I also love about HackerOne is the opportunity it opens up for those passionate about security. It provides a playground where hackers can safely explore vulnerabilities, report them responsibly, build experience and relationships with security teams at popular companies, and earn some money. Some hackers on HackerOne are earning significant amounts of money (some even doing this full-time), and some are just having a blast on evenings and weekends earning some extra cash while having fun hacking.

I am working with HackerOne on the community strategy and execution side and it has been interesting exploring the different elements of building an engaged community of hackers. One of the things I have learned over the years building communities is that every one is different, and that is very much the case for HackerOne.

Familiar Ground

More broadly, it is also interesting to see echoes of similar challenges that faced open source in the early days, but now applied to hacking. Back then the world was presented with the open source model in which anyone, anywhere, could contribute their skills and talents to improve software. Many organizations back then were pretty weirded out by this. They worried about their intellectual property, the impact on their customers, losing control, and how they would manage the PR.


Believe it or not, WarGames is not a documentary.

In a similar way, HackerOne is presenting a model in which organizations can tap the talents of a distributed community of hackers. While some organizations will have similar concerns to the ones back in the early days of open source, I am confident we will traverse those. This will be great for the Internet, great for organizations, and great for hackers.

Get Involved

If you are a hacker, or a programmer who would like to learn about security and try your hand, go and sign up, then find a program, and submit a report.

If you are an existing HackerOne user, I would also love to hear your feedback, thoughts, and ideas about how we can build the very best community. Feel free to send me an email to [email protected] – let’s build a powerful, engaged, global community that is making the world more secure and making hackers more successful.

An invitation-only accelerator that develops industry-leading community engagement and growth via personalized training, coaching, and accountability...all tailored to your company's needs.

Want to read some more?

Decoding DevRel: Exploring Job Roles in Developer Relations

Decoding DevRel: Exploring Job Roles in Developer Relations

DevRel, short for Developer Relations, is a critical part of many tech companies. It refers to the strategic efforts aimed at engaging and nurturing relationships with the developer community. This involves creating a conducive environment for developers, facilitating...

What is Developer Relations (DevRel)? A Complete Guide.

What is Developer Relations (DevRel)? A Complete Guide.

Developer Relations, commonly known as DevRel, is a rapidly growing field within the tech industry that focuses on fostering relationships between companies and their developer communities. DevRel professionals bridge the gap between companies and developers by...

5 Things I Would Do To Fix Twitter

5 Things I Would Do To Fix Twitter

So, Elon Musk has purchased Twitter. I don't really want to get into the politics of whether this is a good or bad thing (other people are already debating this), but it got me thinking about what needs fixing in Twitter. There is little doubt that Twitter has a...

Should you use Facebook Groups for Your Community?

Should you use Facebook Groups for Your Community?

Yeah...yeah...I get it...Facebook... ...even people who use Facebook don't seem to be huge fans of Facebook as a company...but let's put that to one side for a moment. Thousands of companies, interest groups, support groups and more use Facebook Groups every single...