When Capital One discovered a data breach in July 2019
that exposed credit card and application data of more
than 100 million people, the revelation came courtesy of
a hacker—a benevolent one. He was working on behalf
of HackerOne, a company that connects businesses and govern-
ment agencies with a network of 600,000 hackers who test systems
in exchange for payment and clout. While traditional cybersecurity
efforts are centered around building hacker-proof software, CEO
Mårten Mickos says vulnerabilities are inevitable: “It’s better to know
than not to know.” Last year, the company (which has doled out more
than $80 million in rewards to cybersleuths since 2012, about half
of that in the past year) introduced HackerOne Clear, a program that
vets hackers for sensitive projects and allows companies to require
nondisclosure agreements for such work. New clients in 2019 include
Alibaba, AT&T, Hyatt, and Priceline, and four out of the top 10 banks
in the United States (including Goldman Sachs) are now running
hacker-powered security programs on the platform.
FOR
PUTTING
HACKERS
TO WORK
05
As the market for
hard seltzer spiked
last year—up more
than 200% with
more than $1.2 billion
in sales—meme-
friendly, millennial-
savvy White Claw
emerged as the life of
the party. Launched
by Mike’s Hard Lem-
onade manufacturer
Mark Anthony
Brands in 2016, it
accounted for 54%
of 2019 hard seltzer
sales. While competi-
tors focused on
wooing female con-
sumers with ultra-
feminine touches
(cans emblazoned
with pink fruits and
flirty mermaids),
White Claw adopted
a more neutral
approach, including
an elegant black-
and-white logo, and
marketing that
showcases men and
women hanging out
together and proudly
touting White Claw’s
low-cal, low-carb,
gluten-free creden-
tials. That led to a
near 50-50 gender
split among custom-
ers. “The new gener-
ation doesn’t want
to be told who
to hang out with or
how to act based on
gender,” says Mark
Anthony Brands
president Phil Rosse.
With beer sales flat,
craft brewers and
beer conglomerates
are now creating
their own seltzers in
an effort to catch up.
FOR BREWING
A GENDER-
NEUTRAL
PHENOMENON
06
MARCH/APRIL 2020
2017
20
17
Retail
Financial
Services
Media and
Entertainment
Healthcare
Federal
Government
88
116
20
19
20
18
2018
2019
$1M
$
8
0
M
850
So
urc
e:^ H
ack
erO
ne
.^ *H
ac
ker
On
e^ p
ub
lish
es^
its^
Ha
cke
r-P
ow
ere
d^ S
ecu
rity
Re
po
rt^ e
ach
ye
ar,^
ref
lec
tin
g^ d
ata
fro
m^
Ma
y^ th
rou
gh
Ap
ril
Seven hackers have
surpassed $1M in
bounties earned
through HackerOne.
Amount
awarded
to hackers
through
HackerOne
since 2012
Today, 4 out of 10 of
the largest Ameri-
can banks are run-
ning hacker-powered
security programs
on HackerOne.
Hackers who registered with
HackerOne per day (on average)
Average
Bounty for
Finding Critical
Vulnerabilities
Number of
$10,000
Bounties Paid
The New
Bank Vault
Earnings
Total Bounty
Median Time to Resolve Security Vulnerabilities by Industry
Registered Hackers
100 ,^000 +
200 ,^000 +
600 ,^000 +
(^2019)
(^2018)
(^2017)
511
2018 2019
Days
10 20 30 40 50 60 70 80
On average,
resolutions
happened 5 days
faster in 2019
than in 2018.
$3,384
$2,281
$1,977
55
11
12
12
13
122
15
23
23
31