AWS Startups Blog

HackerOne CEO on Innovation by Community

Guest post by by Marten Mickos, CEO of HackerOne 

Innovation is a change that creates a new dimension of performance. In March of 2020, HackerOne was ranked by Fast Company as the 5th most innovative company in the whole world for putting hackers to work. How is that an innovation? Read on to learn. There is a model for community-based innovation that over and over produces groundbreaking results for the companies involved, and for the entire society. The model is available for anyone to employ.

Innovation disrupts market forces. Disruptors are innovators, but not all innovators are disruptors. Disruption takes a left turn by uprooting and changing how we think, behave, do business, learn and go about our day-to-day. The late professor Clayton Christensen used to say that a disruption displaces an existing market, industry, or technology and produces something new and more efficient and worthwhile. Such an innovation is at once destructive and creative.

A common misperception is that innovations are made in research labs and claimed with patents. Some innovations certainly are. Yet there is a world of difference between invention and innovation. Most inventions never make it into the hands of consumers or into the use of society. Innovations, which are changes that make a whole new world of benefits accessible to us, come in many forms. Many innovations have no discernible inventor. They may be the result of teamwork or crowdsourcing. Many are not technical in nature.

An innovation does not care where it came from or how it was produced. All it cares about is concretely improving the lives of all of us. An innovation brings a new dimension of performance, as Peter Drucker used to say.

HackerOne empowers the world to build a safer internet. We have gathered a community of hackers who look for holes in software systems. When such security vulnerabilities are found, they can be fixed. Step by step, there are fewer places where a criminal can break in. The world becomes more secure, and digital trust can be restored. This sounds simple, but it remained an unsolved problem for years. Tools and services for testing and scanning were unable to find elusive security holes. But hackers will find them.

A whitehat – as they are called to distinguish them from criminal blackhats – possesses curiosity and creativity that widely exceeds that of any man-made system or tool. Trying to solve the problem within the organization did not work. Opening up and sharing the problem with the whole world instantly produced a viable solution, a solution that scales infinitely. This is the key innovation of HackerOne. A new dimension of performance was created, not by an invention of one or a few deep experts, but by farming out the problem to the entire world. Innovation is endless when you leverage the creativity and diversity of humankind at scale.

Today, over 600,000 hackers have signed up to help companies and government agencies to find and fix security holes before criminals get to them. This model is now used and recommended by the US Department of Defense, Goldman Sachs, Starbucks, Microsoft, Google, Intel and many more. To date, over 150,000 security vulnerabilities have been found and fixed to prevent malicious use. The online world is more secure.

The interesting question is what we can learn from this innovation. Are the principles that led to hacker-powered security generic and available to others? Can they be employed in other industries and different human endeavors? They certainly can. Every distinct innovation may be unique, but the fertile grounds that produce them are similar in many ways. Community-based innovation is a model that can be used by commercial and non-commercial entities alike.

Innovation happens under favorable conditions. Here is how to create them:

● Innovation happens elsewhere. Look for innovation in non-obvious places, or in situations that are not “places” at all. State the challenge openly and invite anyone to contribute.

● Innovation happens in encounters. Experts of two separate domains may be unable to innovate on their own, but put together they can innovate in the cross-section of their respective disciplines.

● Brains love to collaborate and be creative, egos don’t. Establish processes and governance models where brains thrive and egos can play no role.

● Protect innovation from the naysayers. Often the naysayers are professionals with vested interest in tradition.

● Low cost of failure encourages the human mind to experiment, and we are talking about both social and monetary cost

● A constrained or frugal set-up often leads to unconstrained innovation

● Innovate from the front to the back. Start with a dream of how people will experience the innovation. Then work your way back to technology and solutions that can produce the desired outcome.

● Try a lot of stuff and keep what works. When you lose, don’t lose the lesson. Innovation is darwinistic in nature. You throw away an awful lot before you find something to keep.

● Establish the right type of atmosphere in the organization. Humans are at their most creative when they are facing imminent severe danger or when they are joyful, at ease and feeling accepted. The latter is the model for community-based innovation

When you look closer at our history, you find phenomenal community-based innovations. Some of them are societal and not for profit, such as the communal development over centuries of some of the most delicious recipes, or the Burning Man event. Some are at the cross-over between science and business, such as the innovations in DNA sequencing and technology. It would be impossible to achieve such innovation without science, or without the tens of thousands of skilled participants who readily share their findings with everyone. The result is better health and medicine, and fantastic business success for many companies.

The Linux operating system is another outstanding example. Originally created by one person – Linus Torvalds – Linux became a community project more powerful than any corporate software project in world history. It was not the software code that was the innovation. It was the way it engaged the brainpower of anyone with the will and skill. In a way, Facebook is a community-based innovation too. The value emanates from the members, not a priori from the platform. You could say the same about a credit card company. The economic value of these community-based innovations to society is measured in the hundreds of billions of dollars. They spawn great business success for the company that learns to harness the output of the community, and for the numerous other companies that join the same ecosystem to add value each in their own way.

In summary, some innovations are narrow and specific. Others are communal. Both groups of innovations create a new dimension of performance, leading to market-disrupting companies that make our civilization better. You can innovate in the smallest and in the widest. When you employ the brainpower of hundreds of thousands of ethical hackers, you can solve the problems of cybersecurity, making our connected society safe and trustworthy.