[1] It was one of the first companies to embrace and utilize crowd-sourced security and cybersecurity researchers as linchpins of its business model; pioneering bug bounty and coordinated vulnerability disclosure.

[3] HackerOne's customers include The U.S. Department of Defense, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Twitter, and Yahoo.

In 2011, Dutch hackers Jobert Abma and Michiel Prins attempted to find security vulnerabilities in 100 prominent high-tech companies.

While many firms ignored their disclosure attempts, the COO of Facebook, Sheryl Sandberg, passed on the warning to their head of product security, Alex Rice.

[6] In September 2015, the company launched a Vulnerability Coordination Maturity Model, which then-policy chief Katie Moussouris described as “an important effort from HackerOne to codify some reasonable minimum standards on how organizations handle incoming, unsolicited vulnerability reports.”[1] In April 2017, the company announced 240% year-over-year customer growth in Europe, and the subsequent opening of additional European offices to serve increasing customer demand.

The first use of the VDP launched as part of the "Hack the Army" initiative, which was also the first time this branch of the U.S. military welcomed hackers to find and report security flaws in its systems.

[18][19] The Hack the Army initiative resulted in 118 valid vulnerability reports; 371 participants, including 25 government workers and 17 military personnel, took part.

[21] In February 2017, HackerOne sponsored an invitation-only hackathon, gathering security researchers from around the world to hack e-commerce sites Airbnb and Shopify for vulnerabilities.

While others in the field, like Bugcrowd, focus on attack surface management and a broad spectrum of penetration testing services for IoT, API, and even networks.