HackerOne Archives

Rep. Nancy Mace, R-S.C., speaks during a hearing with the House Oversight and Accountability committee in the Rayburn House Office Building on April 11, 2024 in Washington, D.C. (Photo by Anna Moneymaker/Getty Images)

House passes bill requiring federal contractors to have vulnerability disclosure policies

The legislation to make contractors implement VDPs aligned with NIST guidelines is aimed at protecting Americans’ data, co-sponsor Rep. Nancy Mace says.

Mar 4, 2025 By Matt Bracken

The United Nations logo is seen at the United Nations headquarters on May 20, 2021 in New York City. (Photo by Angela Weiss / AFP) (Photo by ANGELA WEISS/AFP via Getty Images)

HackerOne urges U.S. to advocate for research protections in UN cybercrime treaty

The company responsible for bug bounty platforms warns in a letter to top U.S. officials that the treaty’s vague language could undermine ethical security research.

Nov 14, 2024 By Greg Otto

Secretary of Defense Lloyd Austin. (Saul Loeb/AFP via Getty Images)

DOD expands vulnerability disclosure program, giving hackers more approved targets

The expansion comes as the DOD eyes broader changes for its Vulnerability Disclosure Program.

May 5, 2021 By Shannon Vavra

pwn2own Vancouver 2019 day 2 — Richard Zhu, center, and Amat Cama, standing to Zhu’s left, demonstrate their Firefox exploit at the Pwn2Own conference in March 2019 in Vancouver, British Columbia. (Pwn2Own)

HackerOne, Verizon Media weigh pros and cons of making live hacking contests virtual

The good thing about it was that it was big. The bad thing about it? That it was big.

Dec 14, 2020 By Tim Starks

TikTok unveils bug bounty program, scraps with US government in court over looming ban

The video-sharing app is expanding its existing vulnerability disclosure program.

Oct 15, 2020 By Tim Starks

Supreme Court. Photo: Richard Gillin/Flickr (CC BY SA 2.0)

Security researchers slam Voatz brief to the Supreme Court on anti-hacking law

Much is at stake when the Supreme Court considers the Computer Fraud and Abuse Act.

Sep 14, 2020 By Sean Lyngaas

Voatz app, mobile voting, elections, election security, blockchain, voatz hackerone — A sign of Voatz’s deteriorating relationship with HackerOne came last month when researchers noticed that Voatz had updated its policy on the HackerOne website, saying it couldn’t “guarantee safe harbor” for researchers accessing the company’s live election systems. (Scoop News Group)

Voatz urges Supreme Court to not protect ethical research from prosecution

The Boston-based company previously severed ties with a bug bounty platform over a discrepancy.

Sep 4, 2020 By Jeff Stone

Shopify bug bounty — Transparency is key for Shopify’s bug bounty program. (Getty Images)

What Shopify has learned from five years of bug bounty programs

In this op-ed, a senior security engineer for Shopify discusses what has made the company's bug bounty program so successful. (Hint: it's the not the payouts.)

May 5, 2020 By Pete Yaworski

HackerOne cuts ties with mobile voting firm Voatz after it clashed with researchers

It's the first program that has ever been kicked off the HackerOne platform, according to a HackerOne spokesperson.

Mar 30, 2020 By Sean Lyngaas

dod apache struts — (chucka_nc / flickr )

Cyber Command’s bug bounty program uncovers more than 30 vulnerabilities

The bug bounty program, sponsored by U.S. Cyber Command, zeroed in on finding vulnerabilities external to the Department of Defense Information Network.

Oct 14, 2019 By Shannon Vavra