(In last paragraph, corrects John Hering’s title to executive chairman of Lookout, not chief executive)
By Joseph Menn
SAN FRANCISCO, May 28 (Reuters) - As a movement toward paying security researchers who report vulnerabilities in technology products gains steam, prominent advocates for the practice have recently left jobs at Microsoft and Facebook to pursue a venture-backed business coordinating the practice.
Katie Moussouris, credited with making Microsoft much more responsive to bug reports by researchers, said Wednesday she had joined startup HackerOne as chief policy officer, working alongside Alex Rice, a former Facebook product security chief. Rice, a co-founder and chief technology officer of HackerOne, had launched Facebook’s “bug bounty” program, as such plans are sometimes called.
HackerOne offers companies a free system for processing flaw reports. Those companies decide whether to pay the researchers and how much, and they can pay HackerOne for advice.
Other young companies, such as Bugcrowd and Synack, likewise coordinate attempts to find flaws for pay. The practice “is definitely gaining recognition from a lot of mainstream players,” Moussouris said.
Also on Wednesday, HackerOne said it had raised an investment of $9 million led by venture firm Benchmark, and that Benchmark partner Bill Gurley and John Hering, executive chairman of smartphone security company Lookout Inc, have joined its board. (Reporting by Joseph Menn; Editing by Leslie Adler)