Join gaming leaders online at GamesBeat Summit Next this upcoming November 9-10. Learn more about what comes next. 


HackerOne, a vulnerability identification platform that helps connect security-conscious businesses with bug hunters, has raised $40 million in a Series C round led by Dragoneer Investment Group.

Founded out of San Francisco in 2012, HackerOne helps companies identify weaknesses in their online systems through offering cash incentives to security researchers, the idea being that it’s better to have one of the good guys find a bug before the bad guys get a sniff. HackerOne monetizes by charging a 20 percent commission on top of each bounty paid through its platform.

Many well-known companies offer “bug bounty” programs through HackerOne — including Twitter, which paid out more than $300,000 in prizes between 2014 and 2016. Other companies using HackerOne include Airbnb, Uber, Yelp, Qualcomm, Nintendo, Slack, Adobe, LinkedIn, GitHub, and Yahoo. And last year, HackerOne was chosen by the U.S. Department of Defense (DoD) to run a bug bounty challenge called Hack the Pentagon, which resulted in more than 1,000 hackers identifying around 140 vulnerabilities. HackerOne subsequently won a $3 million contract from the DoD to Hack the U.S. Army.

HackerOne has now raised around $75 million in total, including a $25 million tranche less than two years ago that ushered in a slew of notable angel investors, including Salesforce CEO Marc Benioff, Dropbox CEO Drew Houston, and Zenefits COO David Sacks. The company says it will use its new funds to invest in “technology development, expand market reach, and continue to strengthen the world’s largest and most diverse hacker community,” according to a statement.

Bug bounties are big business — Google has paid out millions of dollars in awards since it first launched a program in 2010, while back in October Facebook revealed it had paid out $5 million in five years. Apple launched its first bug bounty program in August.

“Our customers typically receive their first valid security vulnerability report the same day they challenge our diverse community of hackers to examine their code,” explained HackerOne CEO Marten Mickos. “There’s no such thing as perfect software, and bug bounty programs are the most efficient and cost-effective solution for finding security vulnerabilities in live software.”

Other notable players in the bug bounty platform space include fellow San Francisco startup Bugcrowd, which has raised around $23 million in funds, to date.

VentureBeat

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative technology and transact. Our site delivers essential information on data technologies and strategies to guide you as you lead your organizations. We invite you to become a member of our community, to access:
  • up-to-date information on the subjects of interest to you
  • our newsletters
  • gated thought-leader content and discounted access to our prized events, such as Transform 2021: Learn More
  • networking features, and more
Become a member