Hackers grab US$19-M bounties for exposing more than 100,000 valid vulnerabilities

WHITE Hat Hackers, also called “ethical hackers,” are earning millions of dollars as bounties for exposing vulnerabilities.

The bounty program is an initiative of HackerOne, the leading hacker-powered security platform.

In an email that reached SDN — Science and Digital News, HackerOne CEO Marten Mickos revealed that many hackers have already earned US$19 million bounty rewards from the platform.

“Through HackerOne hackers have identified over 100,000 valid vulnerabilities to date and earned more than US$19 million in bounties in 2018 alone. Creating a safer internet is one of the most important challenges society is faced with today and I am pleased to announce that these leaders will further help us deliver on our mission,” he said.

Mickos was referring to the new personalities who have recently joined HackerOne, such as Liz Brittain as chief financial officer, Suzanne Padilla-Messier, director of Global Hacker Community Development, and Jacob Kaplan-Moss as director of Technical Operations.

“These outstanding leaders are joining at a time of rapid growth for HackerOne, he said, as he welcomed the triumvirate. “Governments, technology companies and the enterprise realize that it’s no longer if their vulnerabilities will be exposed, but when, and until they are contained we are all at risk.”

Read also: HackerOne widens free Hacker101 web training through HackEDU tieup

HackerOne’s new appointments followed the recent addition of Hilarie Koplow-McAdams, venture partner at New Enterprise Associates (NEA), to the Board of Directors, Jeff McBride as vice president of Customer Success, and Deborah Chang as vice president of Business Development and Policy.HackerOneAs the undisputed leader in hacker-powered security, HackerOne publicly launched programs with Fortune 500 companies including Hyatt, Goldman Sachs, Toyota, and Alibaba in 2018 and 2019.

Relying on HackerOne to find their critical security weaknesses are over 1,200 organizations, among them, Airbnb, the United States Department of Defense, Dropbox, Coinbase, European Commission, General Services Administration, Google, Intel, GitHub, General Motors, Ministry of Defense of Singapore, Starbucks, Shopify, Spotify, Lending Club, Lufthansa, MediaMarktSaturn, Nintendo, Panasonic Avionics, PayPal, Qualcomm, Starbucks, the CERT Coordination Center, Twitter, and Verizon Media (Oath).

Brittain looks forward to her new role with the platform.

“I’m immensely inspired by HackerOne as I dive into this new role,” she said. “Not only does the company address a pressing need of the entirety of society, but the business model is poised for success with the right team at the helm. I look forward to setting the right foundation and processes to scale quickly and surpass the unmet demand for hacker-powered security.”

HackerOne laid down the new leaders’ roles and backgrounds:

Liz Brittain, CFO, comes to HackerOne as an experienced CFO, most recently at Base CRM, which was acquired by Zendesk. As a finance leader Brittain has served at Base CRM, DataStax, Fusion-io, Oracle and Sun Microsystems through major landmarks.

Suzanne Padilla-Messier, director of Global Hacker Community Development, most recently at Ubisoft, where she led a team of community engagement professionals across North America in supporting some of the most popular games in the industry while working towards a shared goal of putting players first, and who will bring that experience to the world’s largest hacker community.

Jacob Kaplan-Moss, director of Technical Operations, brings expertise from General Services Administration TTS’s 18F, where he held several engineering and security leadership roles, advocating Bug Bounties and Vulnerability Disclosure Policies throughout government. He has also worked with CIOs and CISOs across industries, helping them to understand, develop and promote bug bounty programs at their respective organizations.

Jeff McBride, VP of Customer Success, joined HackerOne as a seasoned customer success, solution consulting and growth strategy executive most recently at Medallia, where he led pre-sales and customer success programs globally. McBride has held leadership business transformation roles at CA Technologies, McKinsey & Company, BearingPoint and Booz Allen Hamilton.

Deborah Chang, VP of Business Development and Policy, brings ample experience as a business development executive, most notably in a senior role at Shutterfly. Chang started her career as an attorney, and spent the majority of her legal career at Wilson Sonsini Goodrich and Rosati where she worked on IPOs, M&A, and advised directors and officers on risk and corporate governance.

HackerOne said the new leaders’ arrival is just in time of exponential growth for the platform, with the company recently opening an office in Singapore to serve the increasing demand in the region. (EKU/HackerOne)

Featured image source: courtesy of Pixabay by The Digital Artist.

About HackerOne

HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited. More Fortune 500 and Forbes Global 1000 companies trust HackerOne than any other hacker-powered security alternative. The U.S. Department of Defense, Hyatt, General Motors, Google, Twitter, GitHub, Nintendo, Lufthansa, Panasonic Avionics, Qualcomm, Starbucks, Dropbox, Intel, the CERT Coordination Center and over 1,200 other organizations have partnered with HackerOne to find over 100,000 vulnerabilities and award over US$43M in bug bounties. HackerOne is headquartered in San Francisco with offices in London, New York, the Netherlands, and Singapore

6 thoughts on “Hackers grab US$19-M bounties for exposing more than 100,000 valid vulnerabilities

  1. Also, there’s an unfortunate reality that I should probably point out here. While it is a good that these white hat hackers are discovering and patching vulnerabilities, I don’t know if it really makes the Internet safer in the long run, due to the simple fact that you can’t possibly discover every vulnerability out there, and all it takes is one to bring down the system. Sure, it’ll keep the Internet safer from your average 1337 h4xx0r script kiddie, but consider what we’re increasingly up against, which is the black hat hacking power of the CIA. Since the CIA has basically an unlimited budget and unlimited power and can employ the smartest hackers on the planet, chances are if there’s a vulnerability out there, the black hat hackers employed by the CIA are going to find it long before the white hat hackers in the HackerOne project, who as I understand are mostly cyber security hobbyists and aren’t all that powerful. That’s why I strongly believe that when it comes to vulnerabilities that could endanger human lives – e.g. those in smart homes or self-driving cars – the only viable option is to simply disconnect these systems entirely from the Internet. You can’t account for every vulnerability, so the best thing to do is take the course of action that will make them unhackable. Of course I know big tech isn’t going to do this, because there’s just too much money to be made from spying on people and targeting them with ads. All I can say is, if people start getting caught in the crossfire and getting killed by powerful government organizations, the blood will be on these big tech companies’ hands.

    1. Maraming salamat po (Thanks a lot) for the reaction. I think you are right; not every vulnerability can be exposed on time before the next hit. Take care, happy hunting.

  2. That looks cool. I should look into this. I might be able to make a few easy bucks this way, since I have managed to find and exploit plenty of my own vulnerabilities in the past (though most of them were just weird loopholes in software systems that allowed me to do things like remove DRM from music files or reset a 30-day trial back to Day 1).

Don't be shy, comments are welcome! Thank you.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: