Continuous Security Auditing by HackerOne

Files.com engages the services of HackerOne, a San Francisco firm that has relationships with thousands of independent security researchers. Through HackerOne, these researchers each separately audit and test the security of our platform by conducting their own penetration testing of our websites, servers, platform, and APIs.

HackerOne takes an alternative approach to penetration testing. They offer:

  • HackerOne Response: With HackerOne Response, organizations receive vulnerability reports discovered by third-party hackers, free of charge. Our customers use HackerOne Response to ensure security reports end up in front of infosec professionals, while minimizing the chances that vulnerabilities are disclosed through unsuitable channels like social media.

  • HackerOne Challenge: HackerOne Challenge is a private, fully-managed alternative to traditional penetration testing. Challenges are perfect for organizations looking to supplement or replace traditional penetration tests with ethical hackers looking for severe vulnerabilities. Every Challenge will include a detailed report to help meet compliance requirements.

  • HackerOne Bounty: HackerOne Bounty is the market-leading bug bounty program, where trusted hackers are incentivized to continuously test for critical vulnerabilities. Bounty programs can be private and invite-only or fully public, and all incentives will reflect the organization’s priorities. HackerOne has more experience running more programs, of any size, than any other vendor.

The HackerOne approach is to find and incentivize the industry’s best trusted, ethical hackers to attempt to penetrate the systems and applications of HackerOne’s customers. We pay HackerOne a great deal of money every year to use this alternative approach to penetration testing against our systems.

This redundant form of testing has been embraced by the top firms in the software-as-a-service industry, including Google, Microsoft, and others, due to its unique ability to provide rapid coverage and testing of a wide variety of potential issues.

Files.com’s internal security response team is immediately notified if a HackerOne researcher ever discovers a potential issue, and we treat the triage and resolution of issues as a high priority. Should a breach ever be discovered through our relationship with HackerOne, we will report the breach in accordance with our Privacy Policy.

If you are an independent security researcher and would like to conduct security testing against Files.com, please join Files.com’s page on HackerOne.