HackerOne, a new volunteer-driven security firm founded by former Facebook security expert Alex Rice, took in $9 million in series A funding. Rice was previously Facebook’s director of its security and Internet Bug Bounty program.
The company’s SaaS platform, custom built on Ruby, functions as a way for tech companies to participate in a bug-disclosure program that is completely confidential, said Rice.
According to Rice, he and the company’s other founders witnessed how large tech companies like Google and Microsoft were able to successfully use bug disclosure programs that aided in discovering vulnerabilities and fixing any potential problems with their platforms. For smaller companies without the resources to create similar platforms within their own organizations, Rice saw the opportunity to bring a universal platform in which companies could share and discover bugs without the threat of potential litigation looming over one’s head.
“That distrust has created a poisonous environment,” said Rice.
Participating companies must promise that they will not bring in law enforcement if someone were to point out a bug, as in the case of security researcher and hacker Samy Kamkar, who gained infamy in the mid-2000s when he pled guilty to a felony computer hacking charge because of a worm he unleashed on Myspace after discovering a vulnerability.
Now, if someone were to spot a bug on a company’s website, the person could potentially score a bounty in the form of a monetary reward; this is determined by the company itself.
Prior to this funding round, the company was a bootstrapped operation. Rice said that he started working on developing HackerOne in October 2012, but it wasn’t until October of last year that the company had its product to showcase.
In addition to the funding, the company is also bringing Katie Moussouris, former senior security strategist lead at Microsoft, on board as its chief policy officer.
The San Francisco-based company currently has 15 employees, comprising researchers and engineers, and over 500 volunteers. Participating companies include OkCupid, Cloudflare, and InVision.