Case Study: ownCloud achieves rapid, higher-quality vulnerability discovery with HackerOne

A HackerOne Case Study

Preview of the ownCloud Case Study

ownCloud and HackerOne Collaborate for Better Security

ownCloud, an open‑source file‑sharing platform used by over 8 million people, needed better vulnerability coverage than its contributors and periodic penetration tests were delivering. After launching an internal vulnerability program in 2012, the security team found it generated too many invalid or out‑of‑scope reports and wanted more and higher‑quality findings from the right set of researchers.

In 2015, ownCloud partnered with HackerOne, piloted a private program, then stress‑tested it with 600 hackers before opening a public bug bounty. Within two weeks they received 200+ reports, quickly fixed many issues (including a 2004 bug), and saw a sharp rise in report quality and signal. Time to receive 100 valid reports fell from 150 days to 7 days, and a core group of ~100 consistent contributors now delivers higher‑value findings. ownCloud plans to increase bounties to sustain that momentum.



ownCloud

Matt Richards

VP of Products & Markets

