Case Study: Shopify achieves scalable hacker-powered security and protects merchants with HackerOne

Shopify - Customer Case Study

Shopify, the commerce platform powering 600,000+ merchants worldwide, faced the challenge of protecting vast volumes of sensitive transactions and highly customizable merchant integrations from unknown vulnerabilities and both online and offline attacks. With a growing API-driven developer ecosystem and the need to maintain merchant trust, Shopify needed a scalable way to surface, prioritize and remediate security issues quickly and transparently.

Shopify launched a public bug bounty program with HackerOne, offering competitive payouts and platform tools to manage reports; by March 2018 the program had resolved 759 reports, engaged 300+ hackers and paid over $850,000 in bounties. The program delivered faster, higher-quality vulnerability discovery and fixes (including a critical patch rolled out within 12 hours), increased executive support and transparency, and even led to hiring top hackers into Shopify’s security team.

Shopify

Tobias Lutke

Chief Executive Officer