So, who is HackerOne?

HackerOne is an organization with the mission to make the internet a safer place. To do this, they are calling upon the legion of ethical hackers to help protect their customers’ attack surface. HackerOne's talent pool, referred to as HackerOnies, is a community focused on the creation and execution of responsible disclosures.

What is Responsible disclosure?

Per HackerOne's site:

[Image: ho2]

Why does HackerOne Need YOUR help?

HackerOne's core mission is centered around making the internet a safer place by empowering a global community of ethical hackers to identify and resolve security vulnerabilities. This mission requires a copious number of people testing for vulnerabilities in environments of any size. And remember – this is what will help save the HackerOnies!!

Why do the HackerOnies need saving?

So let’s unpack why the HackerOnies need saving. As many of us within the community were busy with our preparations for attending Hacker Summer Camp, HackerOne CEO Marten Mickos had different plans. In a company update, Mickos stated that “I have made the painful and necessary decision to undertake a restructuring and we will reduce the size of our team by up to approximately 12%. This comes as disappointing news, as we've all built strong connections with our fellow Hackeronies. These actions are necessary to be successful long-term. However, I understand how difficult this news is and the impact this will have on all team members, and I take responsibility for the changes we are sharing today.”

tl;dr - HackerOne reduced its workforce by 12% due to economic hardships.

HackerOne needs more disclosures to make more money; HackerOnies need more capital to weather economic uncertainty.

How can lil ol' me help?

Wondering how you can make a difference?

  1. Participate in the responsible disclosure process! You can start now by working on Public Bug Bounty Programs, or check out our next blog, where we might drop our list of Private Bug Bounty Programs.
  2. Remember that private bug bounties pay more than public ones! So, you could hold off a few days, check out upcoming posts, and see how we compiled our list, and we might also drop the file!!
  3. Disclose as many vulnerabilities as possible. Remember, the more you disclose, the safer the internet will be!

How did we get here?

So here is a quick rundown of how we came to this conclusion!

Using /alfa-bank as an example:

  1. Add /alfa-bank to the end of hackerone.com.
  2. Enter this URL into your favorite web browser.
  3. You should be presented with the following screen:

[Image: ho3]

To test that this is valid, let's look at https://hackerone.com/alfabank.

As you can see, this is invalid, thus there is no bug bounty program!

[Image: ho4]

Now, save the world and make some MONEY while you are at it!!! Happy Hacktober Fest! Hope you enjoy part 1 of 3 on HackerOne's Information Disclosure Finding. Be on the lookout for Part 2 very soon! Also, for those that have been keeping up, follow the arrow to get the list NOW.
