Building a Safer Internet with HackerOne

Fri 8 Jul 2016

Recently I started doing some work with HackerOne and I thought many of you would find it interesting enough for me to share.

A while back my friend Mårten Mickos joined HackerOne as CEO. Around that time we had lunch and he shared with me more about the company. Mårten has an impressive track record, and I could see why he was so passionate about his new gig.

The idea is pretty neat: HackerOne provides a service where companies (e.g. Uber, Slack, General Motors, and even The Pentagon) can provide a bug bounty program that invites hackers to find security flaws in their products and services. The company specifies the scope of the program (e.g. which properties/apps), and hackers are encouraged to find and submit vulnerability reports. When a report is approved, the hacker is often issued a payment.

HackerOne is interesting for a few reasons. Firstly, it is helping to build a safer and more secure world. As we have seen in open source, crowdfunding, and crowdsourcing, a productive and enabled community can deliver great results and expand the scope of operations far beyond that of a single organization. This is such a logical fit when it comes to security as the potential attack surface is growing larger and larger every day as more of our lives move into a digital realm.

What I also love about HackerOne is the opportunity it opens up for those passionate about security. It provides a playground where hackers can safely explore vulnerabilities, report them responsibly, build experience and relationships with security teams at popular companies, and earn some money. Some hackers on HackerOne are earning significant amounts of money (some even doing this full-time), and some are just having a blast on evenings and weekends earning some extra cash while having fun hacking.

I am working with HackerOne on the community strategy and execution side and it has been interesting exploring the different elements of building an engaged community of hackers. One of the things I have learned over the years building communities is that every one is different, and that is very much the case for HackerOne.

Familiar Ground

More broadly, it is also interesting to see echoes of similar challenges that faced open source in the early days, but now applied to hacking. Back then the world was presented with the open source model in which anyone, anywhere, could contribute their skills and talents to improve software. Many organizations back then were pretty weirded out by this. They worried about their intellectual property, the impact on their customers, losing control, and how they would manage the PR.

Believe it or not, WarGames is not a documentary.

In a similar way, HackerOne is presenting a model in which organizations can tap the talents of a distributed community of hackers. While some organizations will have similar concerns to the ones back in the early days of open source, I am confident we will traverse those. This will be great for the Internet, great for organizations, and great for hackers.

Get Involved

If you are a hacker, or a programmer who would like to learn about security and try your hand, go and sign up, then find a program, and submit a report.

If you are an existing HackerOne user, I would also love to hear your feedback, thoughts, and ideas about how we can build the very best community. Feel free to send me an email to [email protected] – let’s build a powerful, engaged, global community that is making the world more secure and making hackers more successful.
