{"id":34799,"date":"2018-11-13T18:27:28","date_gmt":"2018-11-13T23:27:28","guid":{"rendered":"https:\/\/digital.hbs.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/"},"modified":"2018-11-13T18:27:28","modified_gmt":"2018-11-13T23:27:28","slug":"hackerone-using-open-innovation-to-foster-a-cyber-secure-environment","status":"publish","type":"hck-submission","link":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/","title":{"rendered":"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment"},"content":{"rendered":"

Amongst the many companies taking advantage of the benefits of open innovation, HackerOne has leveraged a community of web hackers to create a leading cybersecurity business that helps the world\u2019s largest companies detect and correct bugs in their respective ecosystems. HackerOne\u00a0is a bug bounty platform that connects businesses with\u00a0cybersecurity<\/a> researchers. It started in 2012 after two Dutch hackers, Michiel Prins and Jobert Abma, made a target list of 100 high-tech companies that they wanted to try to hack. Soon, they had found security vulnerabilities in Facebook, Google, Apple, Microsoft, Twitter and 95 other companies\u2019 systems.[1] Ultimately Sheryl Sandberg of Facebook raised this issue to Facebook\u2019s then CIO who paid the two hackers $4,000 for their find, and HackerOne was born.<\/p>\n

Why Open Innovation?<\/strong><\/p>\n

Prins and Abma struck gold at the right time with the advent of open innovation and the growth of Uber, 2012 was a perfect inflection point of open innovation and the gig economy to make HackerOne thrive. The open bounty program that this platform uses is a great way to allow researchers to help companies be safer, while keeping these researchers free from potential recourse from the government. As stated by former Facebook CIO Alex Rice<\/p>\n

“If researchers find something, they don’t know if they’ll be welcomed with open arms or delivered to the FBI kicking in their door. There’s a long stream of people with good intentions being treated very poorly as a result of that work.”[2]<\/p>\n

HackerOne allows researchers to essentially contract out their services to large corporations while maintaining their distance and staying out of potential legal trouble. This platform opens the opportunity for researchers to do good with bugs they find and get paid by corporations as opposed to selling information to the dark web. HackerOne takes a 20% fee from the bounty corporations pay for playing the \u201cmiddleman\u201d.<\/p>\n

 <\/p>\n

How HackerOne\u2019s bounty program works [3]\"\"<\/a><\/p>\n

How HackerOne\u2019s bounty program works [3]<\/p>\n

\"\"<\/a><\/p>\n

 <\/p>\n

How to Scale<\/strong><\/p>\n

Since its founding, HackerOne has been on a tear, gaining notoriety from many Fortune 500 companies. Facebook, Uber, Google, and Coinbase are just a few of the companies that have current partnerships. Recently, General Motors has decided to extend a 2016 program that they had started with HackerOne. As part of the program, GM committed not to sue security researchers for hacking their products, provided the researchers complied with a number of stipulations, such as not disclosing the vulnerability until GM rolled out a solution.[4] GM President Dan Ammann says<\/p>\n

\u201cGM plans to offer a cash payment for each “bug” found in this\u00a0new Bug Bounty program. We’ll show them the products, programs and systems for which we plan to establish these Bug Bounties,” Ammann said.\u00a0“Then we’ll put them in a comfortable environment\u00a0\u2014\u00a0ply them with pizza and Red Bull or whatever they might need\u00a0\u2014\u00a0and turn them loose.”[3]<\/p>\n

In their efforts to push open source cyber security forward, HackerOne has even gotten the attention of the US government. Ash Cartrer, Secretary of Defense notes<\/p>\n

“We know that state-sponsored actors and black-hat hackers want to challenge and exploit our networks. We know that. What we didn’t fully appreciate before this pilot was how many white-hat hackers there are who want to make a difference, who want to help keep our people and our nation safer.”[5]<\/p>\n

What\u2019s Next?<\/strong><\/p>\n

As competition continues to heat up in the space, HackerOne must continue to innovate. One area that may be low hanging fruit is education. Most hackers are self-taught, so it remains to be seen how formal education will impact the space. HackerOne has room to provide formal education and help young hackers self-learn as much as possible. HackerOne is currently broadening its researcher base to get more top hackers. This is a priority, and the company is experimenting with different solutions to the challenge. There is the\u00a0Hacker101.com<\/a>\u00a0site with tutorials, blog posts, HackerOne sponsored answers on Quora, and they work with some universities on their cybersecurity courses to enable them to train people.[5] Another space that may be ripe for HackerOne is personal computing. All computers will ultimately have a vulnerability. Can HackerOne grow its base of hackers wide enough to help patch up the vulnerabilities all of us have as common day to day users of the internet? Should that be feasible, there is a large pool of demand waiting for HackerOne to expand.<\/p>\n

Sustainability<\/strong><\/p>\n

As we look further into the future one can only wonder about the sustainability of this model. The bounty program feels eerily similar to Uber\u2019s contract model, and it begs the question of will the government ultimately step in and claim that these cybersecurity researchers are not contractors but are instead employees that have the rights to benefits? Will HackerOne need to look at bringing more expertise in house?<\/p>\n

 <\/p>\n

(Word count: 785)<\/p>\n

 <\/p>\n

 <\/p>\n

[1] \u201cHackerOne connects hackers with companies and hopes for a win-win.\u201d The New York Times, June,7th<\/sup> 2015. https:\/\/www.nytimes.com\/2015\/06\/08\/technology\/hackerone-connects-hackers-with-companies-and-hopes-for-a-win-win.html?_r=0<\/a><\/p>\n

[2] \u201cHackerOne emerges with $9 million to root out software bugs.\u201d The Wall Street Journal, May, 28th<\/sup> 2014. https:\/\/blogs.wsj.com\/venturecapital\/2014\/05\/28\/hackerone-emerges-with-9-million-to-root-out-software-bugs\/<\/a><\/p>\n

[3] Image source: HackerOne company website, https:\/\/www.hackerone.com\/product\/bounty<\/a>, Accessed November 11th<\/sup>, 2018.<\/p>\n

[4] \u201cGeneral Motors doubles down on bug bounty cybersecurity effort.\u201d Forbes.com, August 5th<\/sup>, 2018. https:\/\/www.forbes.com\/sites\/davidsilver\/2018\/08\/05\/general-motors-doubles-down-on-bug-bounty-cybersecurity-effort\/#4764496bf33e<\/a><\/p>\n

[5] \u201cHack the Pentagon.\u201d https:\/\/www.hackerone.com\/resources\/hack-the-pentagon<\/a> , Accessed November 12th<\/sup>, 2018<\/p>\n

[6] \u201cHacker education inclusivity and shifting perception of bug bounties.\u201d The Daily Swig Web Security Digest, November 7th<\/sup>, 2018. https:\/\/portswigger.net\/daily-swig\/hacker-education-inclusivity-and-shifting-perceptions-of-bug-bounties<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

The world of cybersecurity can be a complex place. With the advent of the internet, increasingly more data is ripe for hacking and companies are scrambling to protect it. HackerOne thinks it has a solution to keep information protected for the long term.<\/p>\n","protected":false},"author":11616,"featured_media":34829,"comment_status":"open","ping_status":"closed","template":"","categories":[2656,74,845,2309,4239],"class_list":["post-34799","hck-submission","type-hck-submission","status-publish","has-post-thumbnail","hentry","category-computers","category-crowd-sourcing","category-cybersecurity","category-hacking","category-open-innovation","hck-taxonomy-organization-hackerone","hck-taxonomy-industry-computer","hck-taxonomy-country-united-states"],"connected_submission_link":"https:\/\/d3.harvard.edu\/platform-rctom\/assignment\/rc-tom-challenge-2018\/","yoast_head":"\nHackerOne: Using Open Innovation to Foster a Cyber Secure Environment - Technology and Operations Management<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment - Technology and Operations Management\" \/>\n<meta property=\"og:description\" content=\"The world of cybersecurity can be a complex place. With the advent of the internet, increasingly more data is ripe for hacking and companies are scrambling to protect it. HackerOne thinks it has a solution to keep information protected for the long term.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/\" \/>\n<meta property=\"og:site_name\" content=\"Technology and Operations Management\" \/>\n<meta property=\"og:image\" content=\"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Capture-16.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1102\" \/>\n\t<meta property=\"og:image:height\" content=\"363\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/\",\"name\":\"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment - Technology and Operations Management\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/Capture-16.jpg\",\"datePublished\":\"2018-11-13T23:27:28+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/#primaryimage\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/Capture-16.jpg\",\"contentUrl\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/wp-content\\\/uploads\\\/sites\\\/4\\\/2018\\\/11\\\/Capture-16.jpg\",\"width\":1102,\"height\":363},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Submissions\",\"item\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/submission\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/#website\",\"url\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/\",\"name\":\"Technology and Operations Management\",\"description\":\"MBA Student Perspectives\",\"potentialAction\":[{\"@type\":\"性视界Action\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/d3.harvard.edu\\\/platform-rctom\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment - Technology and Operations Management","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/","og_locale":"en_US","og_type":"article","og_title":"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment - Technology and Operations Management","og_description":"The world of cybersecurity can be a complex place. With the advent of the internet, increasingly more data is ripe for hacking and companies are scrambling to protect it. HackerOne thinks it has a solution to keep information protected for the long term.","og_url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/","og_site_name":"Technology and Operations Management","og_image":[{"width":1102,"height":363,"url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Capture-16.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/","url":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/","name":"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment - Technology and Operations Management","isPartOf":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website"},"primaryImageOfPage":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/#primaryimage"},"image":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/#primaryimage"},"thumbnailUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Capture-16.jpg","datePublished":"2018-11-13T23:27:28+00:00","breadcrumb":{"@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/#primaryimage","url":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Capture-16.jpg","contentUrl":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-content\/uploads\/sites\/4\/2018\/11\/Capture-16.jpg","width":1102,"height":363},{"@type":"BreadcrumbList","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/hackerone-using-open-innovation-to-foster-a-cyber-secure-environment\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/d3.harvard.edu\/platform-rctom\/"},{"@type":"ListItem","position":2,"name":"Submissions","item":"https:\/\/d3.harvard.edu\/platform-rctom\/submission\/"},{"@type":"ListItem","position":3,"name":"HackerOne: Using Open Innovation to Foster a Cyber Secure Environment"}]},{"@type":"WebSite","@id":"https:\/\/d3.harvard.edu\/platform-rctom\/#website","url":"https:\/\/d3.harvard.edu\/platform-rctom\/","name":"Technology and Operations Management","description":"MBA Student Perspectives","potentialAction":[{"@type":"性视界Action","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/d3.harvard.edu\/platform-rctom\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"}]}},"_links":{"self":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/34799","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission"}],"about":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/types\/hck-submission"}],"author":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/users\/11616"}],"replies":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/comments?post=34799"}],"version-history":[{"count":0,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/hck-submission\/34799\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media\/34829"}],"wp:attachment":[{"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/media?parent=34799"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/d3.harvard.edu\/platform-rctom\/wp-json\/wp\/v2\/categories?post=34799"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}