Apparently there is money to be made in the business of rewarding security researchers for finding security vulnerabilities. Today bug bounty vendor HackerOne announced that it has raised a $40 million Series C round of funding, bringing total funding to date for the San Francisco-based company up to $74 million.
The new round of funding was led by Dragoneer Investment Group and will be used to help HackerOne grow the business.
"HackerOne is at the forefront of the burgeoning bug bounty movement," Marc Stad, Founder and Managing Partner of Dragoneer Investment Group, said in a statement. "It is borderline silly for a company not to utilize a bug bounty platform given the immediate reduction in security vulnerabilities and the relatively low price point compared to other security options."
In a 2016 video interview with eSecurityPlanet, Alex Rice, co-founder and CTO of HackerOne, detailed how the business was growing and where bugs were being found by HackerOne's community of researchers.
Among the major successes for HackerOne is the Hack the Pentagon program that ran in 2016. Results from the Hack the Pentagon bug bounty program were positive, with 1,400 security researchers participating, discovering 138 serious vulnerabilities that were fixed quickly. That program has since been followed up by a broader effort with the U.S. Department of Defense that also involves rival bug bounty vendor Synack.
HackerOne also faces competition from bug bounty vendor Bugcrowd, which has raised $24 million in funding to date, including a $15 million Series B round in April 2016.
While the market for bug bounty programs is competitive, there appears to be plenty of demand. According to Risk Based Security's software vulnerability report for 2016, since 2013, more bugs have been found by third-party bug bounty programs than via vendors directly finding flaws themselves.
Sean Michael Kerner is a senior editor at eSecurityPlanet and InternetNews.com. Follow him on Twitter @TechJournalist.