The bug bounty platform HackerOne announced Wednesday a $40 million Series C financing round led by Dragoneer Investment Group, bringing total investment in the San Francisco-based company to $74 million.
Bug bounty programs connect companies and organizations to hackers who find vulnerabilities and are rewarded for their work. The new HackerOne cash follows Hack the Pentagon, a high-profile program with the U.S. Defense Department and Synack that yielded 138 vulnerabilities in the Pentagon’s systems. Over a thousand hackers were awarded over $15,000 for their work.
The whole bug bounty industry is booming. Competitors like Bugcrowd have seen growth year after year, particularly among large companies intent on better cybersecurity at a bargain. On the bounty hunter’s part, it’s a narrow but significant way to go after vulnerabilities without then heading to prison. Many automakers and virtually all the major tech firms have their own bounty programs. Even outside of the mainstream, multimillion-dollar dark net markets are implementing bug bounty programs to help find flaws that could end with handcuffs.
Where does all that money go? Nowhere for now, according to a TechCrunch report: “CEO Mårten Mickos says the company really didn’t need the money, but there was significant investor interest and they decided to take the money, rather than wait until there was a specific need. Having a substantial amount of cash gives the company flexibility for several years, he says.”
In five years, HackerOne has awarded over $14 million in bounties ($7 million in 2016) from customers including Airbnb, CloudFlare, General Motors, GitHub, New Relic, Nintendo, Qualcomm, Starbucks and Uber.