Notes

HackerOne

Upfront Note: gives me a very “professional, panoramic security service company” feeling. More tailored to the taste and need of big enterprises/conglomerates.

Product & Solutions

HackerOne provides three solutions, which are built off of their highly lego-ized products/services. A succinct summary of each product and solution is included below:
Platform Overview: the home to all subsequent services. Here clients kick off things like a bug bounty, security assessment, or VDP, keep tabs on their attack surface, identify hackers who have the skills they need, handle payments, triage and organize vulnerabilities, benchmark their organization against others, integrate with other communication, development, and security tools, and more.
HackerOne Bounty: Basically a bounty program. The value-add here is that HackerOne created interfaces that increase the efficiency of head-hunting, workflow and information delegation: ID-verified and background-checked ethical hackers to cover sensitive internal assets, integration with clients’ in-use dev tools, a remediation guide, retesting capability, a centralized vulnerability risk rating dashboard, a triage service, cross-checking of hackers’ work by HackerOne staff, and even hacker payment processing.
HackerOne Response: Basically a Vulnerability Disclosure Program (VDP). According to the website this is the only VDP, which also is crowned . This VDP provides further vulnerability management tools (e.g. enhanced communication with hackers, with help from experts), access to the triage team (and all the downstream services), and insight into assessment data.
HackerOne Assessment: Cyber security assessment. The value-add here is that, after the assessment result comes out, HackerOne has built a downstream integration process that helps clients sync and communicate better.
HackerOne Insight: Basically a database-powered comparison tool. It allows clients to compare their security ranking with the rest of HackerOne’s clients and discover insights, “to support data-driven decision,” as they quote it.
HackerOne Service: This is where the advisory and triage team of HackerOne sits.
HackerOne Pentest: Penetration testing to help compliance.

Using these building blocks, HackerOne published 3 Solutions, each aimed at solving a particular need. It is important to note that all three are scenario-specific solutions. The underlying abstract product logic is quite similar: assessment, response, and follow-up downstream actions.
Vulnerability Management: targets the general program scenario and provides comprehensive security testing.
Cloud Security: Basically the same comprehensive testing, but targeting the cloud, especially when translocating code to the cloud.
Application Security: Helps integrate security monitoring into the client’s SDLC.

As an additional buffer to the talent & tech ecosystem, HackerOne created three partner pillars:
Service partners, who basically are industry experts & ethical hackers who provide technical, first-line response
Technology partners, which are usually utility/efficiency software (e.g. APIs, Slack, GitHub, etc.) that reduces communication and remediation friction
AWS

Sales & Fee

HackerOne is a to-B service and one has to contact the sales team for price evaluation & negotiation. However, judging from its past clients and the fact that half of all Fortune 100 companies used its service, we could expect it to be making a very decent amount of money, so the revenue could be pretty good.

Community

Social Media: it is a big company, what can you expect haha. A professional marketing team runs the account, and interactions with tweets are closely monitored.
Hacker Community: HackerOne actually hosts a hacker leaderboard, . From here, hackers from all places can access resources and information about individual hackers. Not to mention there are plenty of hacker resources on the website. HackerOne also hosts hacking events year-round. Overall I see decent engagement of community and care/leadership effort from HackerOne.