Exploring Vulnerability Coordination with Hacker One

17 Apr 2017

Mårten Mickos has a long history of successful open source tech companies. He is perhaps most well-known as the CEO of database company MySQL AB, which was sold to Sun Microsystems in 2008. He then went on to become CEO of Eucalyptus, which offered an open source private cloud platform that replicated the APIs of Amazon Web Services.

We caught up with Mickos at SXSW to hear about his latest venture, Hacker One, the world’s first vulnerability coordination and bug bounty platform.


1:19: It seems like that’s the approach with Hacker One. It’s more of a holistic approach where you are leveraging the community more than anything to try to help people solve problems that might be more singular in nature, but more holistic as well. Am I accurate there?

2:18: What are the wow moments that you’re finding? There must be those kinds of moments that happen frequently when you have this orchestrated community that’s working toward almost a singular purpose.

3:22: So what is the evolution of the hacker?

3:51: Those white hat hackers, how do they compare to the black hat hackers compared to a year ago, two years ago, five years ago?

4:42: It must be a fascinating cultural experience for the individuals that are part of the white hat hacker group and they see things much more clearly than they could have. Is that true, or would you say no?

6:14: How do you orchestrate a community like that to protect the systems?

7:14: So in terms of the architecture itself, is it built on Amazon Web Services?

7:36: So tell us about the bug bounty program and maybe give us a look at the $10,000 program and what Hacker One does?

8:20: So that’s the community out there that’s doing the observing and the watching and then the customers are the people in the neighborhood watch context. So what’s the open source angle behind it?

9:34: So tell me then about the people who are part of this community? Are they developers? Are they just people who are proficient at finding things?

10:37: So you provided the example about Slack right, and the discovery you made and how it led to other people discovering things within Slack. What are some examples of the intelligence you’re building that’s leading to better orchestration, better protection of their systems?

12:02: So with these reports, did you develop a template for that?

13:39: So how does the business model work?

15:41: What are some of the unique aspects of that development that you’re finding as you’re growing that strike you as unique?

16:30: Is that creating new collaboration intersections with the developers and hackers themselves when you’re thinking about building out these platforms so they are durable and resilient?

17:24: So tell us about the roadmap you guys have for the next 12-18 months?

