Bug bounty platform provider HackerOne announced on Wednesday that it has raised $40 million in a Series C financing round led by Dragoneer Investment Group.
The San Francisco-based startup offers a software-as-a-service platform that provides the technology and automation to help organizations run their own vulnerability management and bug bounty programs.
The company says the new funds will be used to invest in technology development, expand market reach, and strengthen its hacker community of more than 100,000 white hat hackers.
The company was co-founded by Alex Rice, the company’s CTO and the man behind Facebook’s bug bounty program, Merijn Terheggen, who serves as CEO, Jobert Abma (tech lead) and Michiel Prins (product lead). HackerOne gained publicity in November 2013 when it announced hosting the Internet Bug Bounty project funded by Microsoft and Facebook.
According to the security startup, more than 38,000 security vulnerabilities have been resolved across more than 700 HackerOne customers, with more than $14 million in bug bounties awarded to date, $7 million of which was awarded in 2016.
In 2016, the U.S. Department of Defense (DoD) selected HackerOne to run the U.S. federal government’s first bug bounty challenge, Hack the Pentagon, which HackerOne says resolved more than 138 vulnerabilities discovered by 1,400 hackers.
In October 2016 the DoD announced that it awarded a combined $7 million to HackerOne and Synack for helping the organization’s components launch their own bug bounty initiatives. With $3 million awarded to HackerOne, the company will help the DoD run challenges similar to Hack the Pentagon, while Synack will provide assistance for a private program open only to highly vetted researchers, the DoD said, adding that the private program will focus on the Pentagon’s sensitive IT assets.
Other HackerOne customers include Airbnb, CloudFlare, General Motors, GitHub, New Relic, Nintendo, Qualcomm, Starbucks, Uber and Lufthansa.
“Our customers typically receive their first valid security vulnerability report the same day they challenge our diverse community of hackers to examine their code,” said Marten Mickos, CEO of HackerOne. “There’s no such thing as perfect software and bug bounty programs are the most efficient and cost-effective solution for finding security vulnerabilities in live software.”
NEA, Benchmark and Strategic Investors also participated in the Series C round.

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million
- Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan
- Horizon3 AI Raises $40 Million to Expand Automated Pentesting Platform
- Watch Now: Cloud & Data Security Summit Sessions
- Watch on Demand: 2023 CISO Forum Sessions
- Virtual Event Today: CISO Forum 2023 – Register to Join
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
Latest News
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
