In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.
Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties
At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.
Gain Actionable, Data-backed Insights with HackerOne Recommendations
What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.
Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery
What are Hackbots and how are they impacting vulnerability discovery and the researcher community?
DORA Compliance Is Here: What Financial Entities Should Know
The new DORA regulation: everything your organization needs to know about its impact and how to comply.
What Will a New Administration and Congress Mean for Cybersecurity and AI Regulation?
The HackerOne Policy team analyzes cybersecurity and AI regulation in the U.S. under the incoming administration.
How HackerOne Reinvented Security for Developers
Applying human-in-the-loop principles creates application security controls loved by developers. See how.
Hope in the Fight Against Cyber Threats: A New Year’s Message to CISOs
HackerOne CEO Kara Sprague explores how the modern CISO can face mounting pressures in cybersecurity.
Resurrecting Shift-Left With Human-in-the-loop AI
Let's explore how human-in-the-loop AI can help implement secure-by-design successfully.
Introducing Lightspark's Public Bug Bounty Program
Lightspark is excited to announce the launch of its public bug bounty program with HackerOne.
A Partial Victory for AI Researchers
What is the Digital Millennium Copyright Act and what are the implications of its recent ruling for AI researchers?
ROI Isn’t Cutting It: 6 Questions to Help CISOs Better Quantify Security Investments
Why ROI is not the most effective method to quantify cybersecurity investments — and how RoM can help.
The OWASP Top 10 for LLMs 2025: How GenAI Risks Are Evolving
The new OWASP Top 10 for LLMs is here. How has it changed, and how can organizations prevent GenAI risks?
Breaking Down the OWASP Top 10: Insecure Design
Learn about the different types of insecure design vulnerabilities and how to identify them.
New York Releases AI Cybersecurity Guidance: What You Need to Know
What does New York's new AI Cybersecurity Guidance mean for financial institutions and other regulated companies?
Azure Cloud Configuration Review
Learn the testing methodologies and security best practices for Azure Cloud Configuration Review.
How Crypto and Blockchain Organizations Manage Complex Attack Surfaces With Competitive Security Testing Programs
What makes securing crypto and blockchain organizations so different from other industries? Let's look at the data.