HackerOne

How BBP platforms work

BBP platforms like HackerOne provide organizations with tools to host an efficient program and offer the kind of network that allows organizations to attract researchers from the get-go.

Aggregation for researchers and organizations

These platforms are sort of an aggregator of BBP, so the number of researchers browsing the platform and looking for programs is higher than the number of researchers that would bump into your program organically. Researchers know that the platform hosts thousands of programs, so they can easily search through the platform’s directory to find new targets. At the same time, organizations tend to join these platforms exactly because of the number of researchers lurking in them, granting broad exposure to their program.

Monetization model

The way these platforms survive is by charging organizations a fee for joining their service or taking a cut of each bounty awarded through their platform. This makes sure that everyone is a winner: researchers can access thousands of programs, organizations are exposed to thousands of researchers, and the platform monetizes their mutual success by collecting fees in between.

Example: Starbucks

For a better understanding of how the platform works, we can take a look at the program published by Starbucks.

Terms & conditions

It all starts with the program’s page, which states terms and conditions at hackerone.com/starbucks.