HackerOne, a startup that helps companies create “white hat” hacking incentive programs, said today that it’s raised $40 million in new funding.
The Series C investment in the San Francisco-based company was led by Dragoneer Investment Group, with participation from earlier investors New Enterprise Associates and Benchmark. HackerOne, led by CEO Marten Mickos, has raised $75 million to date.
Virtually every major technology company runs homegrown programs that encourage people to find computer bugs and submit them for cash. In October, for example, Facebook announced it has paid out $5 million over the past five years to hackers who help them find bugs. Google and Apple run similar programs. But building a bug bounty program from scratch and promoting it among hackers isn’t easy.
A platform like HackerOne hits on a number of areas that investors like: It’s a marketplace that crowdsources solutions to difficult problems, taps into the sharing economy by paying out people for micro-jobs, and helps structure a program for companies that don’t have the resources (or the public attention) to build their own.
HackerOne says it has more than 100,000 white hat hackers registered on the platform, who have collectively found 38,000 bugs, in return for $14 million in bounties — $7 million of which were paid in the last year alone.
Its roughly 700 customers include Airbnb, CloudFlare, General Motors, GitHub, New Relic, Nintendo, Qualcomm, Starbucks and Uber. It ran a high-profile, one month bounty program last year with the U.S. Department of Defense, where 1,400 hackers found 138 bugs. It later ran a similar program with the U.S. Army.
The average bug on HackerOne pays out $500. The single largest payout was $30,000, and there’s currently a $50,000 bug that remains unclaimed, the company told reporters.