HackerOne Scores $49 Million Investment to Advance Ethical Hacking as a Security Strategy


“White Hat” hacker-based security platform HackerOne – which demonstrated its bug bounty and vulnerability disclosure platform at our developers conference FinDEVr in London in 2017 – has secured $49 million in Series E funding. The round was led by GP Bullhound, and gives the San Francisco, California-based firm nearly $160 million in total funding. Benchmark, NEA, Dragoneer Investment Group, and Valor Equity Partners also participated in the investment. HackerOne will use the capital to support research and development and expand go-to-market operations.

“As attack surfaces grow, so does the gap between what digital assets organizations own and what they can protect,” HackerOne CEO Marten Mickos said. “HackerOne is closing that gap and keeping its customers out of harm’s way in a way that no other mechanism can accomplish.”

Mickos noted that HackerOne has identified more than 17,000 high or critical vulnerabilities for its customers over the past 12 months. He underscored 2021 as an especially challenging year, with the firm’s customers announcing a 97% increase in reports for misconfigurations. Additionally, Mickos said that a growing number of institutions are choosing ethical hackers – such as those provided by HackerOne – to defend their digital attack surfaces and help reveal potential vulnerabilities. Specifically, HackerOne has experienced increased adoption of its HackerOne Assessments, Application Pentest for AWS, which was launched in August, and expanded its Internet Bug Bounty program to include vulnerability management in the open source software supply chain.

HackerOne ended 2021 with the appointment of Chris Evans as Chief Information Security Officer (CISO). Evans brings years of digital security experience from tenures at Oracle Corporation, Tesla, and Google – where he founded the Google Chrome security team and Google Project Zero security research team – as well as Dropbox, where he was Head of Security.

“All software has security vulnerabilities,” Evans said in a statement. “The only way to outpace the cybercriminals is to enlist the help of external security researchers. Across every industry, we’re seeing the most innovative companies and CISOs embrace ethnical hackers to reduce risk.”