HackerOne CEO Marten Mickos.
Photograph by Albert Law
By Barb Darrow
November 11, 2015

Marten Mickos is the new chief executive officer of HackerOne, a company that acts as a middleman between good-guy hackers and companies that want to fix security flaws in their software.

Mickos was previously chief executive of Eucalyptus, a cloud software company acquired by Hewlett-Packard (HPQ) just over a year ago. He was subsequently named HP’s top cloud executive, but within a few months left the company. Before that, he was chief executive of MySQL, a fan-favorite, open-source database company acquired by Sun Microsystems for $1 billion in 2008.

San Francisco-based HackerOne was founded three years ago by a group of Dutch hackers that includes Merijn Terheggen, who is handing off his CEO title to Mickos. The company netted a total of about $34 million in funding from Benchmark Capital, New Enterprise Associates and a group of A-list angels, including Salesforce (CRM) CEO Marc Benioff, Digital Sky Technologies founder Yuri Milner, Dropbox chief executive Drew Houston and Yelp (YELP) chief executive Jeremy Stoppelman.

The company also claims big name customers ranging from Airbnb and Adobe (ADBE) to Twitter (TWTR) and Yahoo (YHOO).

As for its business model, HackerOne collects 20% of the bounty customers pay to hackers; those payments have totaled nearly $5 million to date. However, the overall amount paid by each company depends on the severity and complexity of the vulnerability found.

Currently, the use of HackerOne’s software, which is a sort of Zendesk for bug catchers, is free. The subscription software automates the process of receiving bug reports, verifying, assigning and tracking them. “All of that workflow is what we do,” said Terheggen.

“There is a frighteningly large number of companies with Internet-facing systems that are not equipped to receive vulnerability reports,” Terheggen told Fortune.

Mickos said he is excited to enter the exhilarating world of cybersecurity, and feels that his background in the open-source arena meshes well with the collaborative hacker ecosystem that HackerOne fosters. “In both the open-source and cybersecurity world, you work with people around the world,” Mickos noted.

And, in both worlds, participants have to have a significant level of trust in each other for things to work out. HackerOne’s worldview is that hackers themselves are inherently good and want to do the right thing. They take pride in shoring up software to make the Internet safer, said Terheggen, who plans to stay on at the company and focus on customers.

Given the high interest level in hacking and growing intensity of security breaches, there is definitely a need for legitimate hackers to test the limits of software. Other companies in this realm include BugCrowd and Synack.

