How HackerOne Uses the Cloud to Fix Security Vulnerabilities at Scale
83,000. That’s how many security vulnerabilities HackerOne has fixed to date thanks to hacker-supplied reports to their platform. “The data speaks for itself,” says Reed Loden, HackerOne’s director of security. “The types of vulnerabilities, the complexity to the vulnerabilities, the cleverness to the vulnerabilities is stuff that you’re just not going to find from paying just a variety of security consultancy firms… it all comes down to number of people.”
Founded in 2012, HackerOne uses a quarter of a million security researchers from around the world to find security vulnerabilities in companies, products, and services. The researchers then report what they find to the affected company via the platform, and for valid findings, the researchers are paid. Customers currently run the gamut from the U.S. government to Fortune 50 companies.
Because it has customers all over the globe, HackerOne must respect each customer’s legal requirements for where that customer’s data can live, which makes cloud services practically a necessity. “By allowing us to spin up new instances [and] new systems very quickly is an awesome win for the cloud,” says Loden. “And using AWS allows us to scale, but scale safely and securely.”