From open source to open community: ex-MySQL and Eucalyptus CEO Marten Mickos signs on with HackerOne

It may not be open source software, but there are many learnings from Mickos' past gigs that will be applicable to this new role.

crowd of people cheering in silhouette
Credit: Shutterstock

When Hewlett-Packard (back in the days when it was one company) acquired open source cloud infrastructure vendor Eucalyptus a year or two ago, many were left scratching their heads about what exactly HP planned to do with the company. Subsequent events have proved that confusion justified since Eucalyptus has gone nowhere and HP has had a lurching series of pivots around its cloud strategy. Indeed, the only logical thing about the deal was that HP would get the services of a very seasoned executive in Marten Mickos. Prior to joining HP, Mickos was CEO of Eucalyptus and before that CEO of MySQL, the open source database company.

Alas internal politics meant that Mickos' value was wasted within HP and he moved on from the company in short order. Fast forward to today, however, and a new announcement suggests that perhaps someone sees the value that Mickos can bring. HackerOne is announcing that Mickos has joined the company to be its new CEO. So who is HackerOne and what do they do?

HackerOne is a San Francisco-based company that, in the three years since it was founded, has raised $34 million in venture funding from a who's who of investors including NEA, Benchmark, Marc Benioff, Yuri Milner, Jeremy Stoppelman, David Sacks, Brandon Beck, Nicolas Berggruen and Drew Houston. The company offers a security platform that enables teams to build vulnerability coordinations programs.

Created by the people who built Facebook's, Google's and Microsoft's bug bounty programs, HackerOne aims to empower companies to protect data not by internalizing their security activities but rather by working with the global research community to surface their most relevant security issues. HackerOne activates the hacker community globally to proactively test and improve an organization's security.

And that is a message which seems to be resonating with organizations. HackerOne has secured an impressive list of customers including Twitter, Adobe, Snapchat, Yahoo! Square, as well as Fortune 500 companies in finance, energy and retail. HackerOne offers the full lifecycle of community driven bug identification and remediation -- customers can set up bug bounty programs either on a private basis or publicly. Once the bounty program is in place, HackerOne offers the full lifecycle of vulnerability management with a security collaboration platform that allows communication between external security researchers and the organization's own response team.

The interesting thing here is that, given Mickos' background, HackerOne isn't obvious at first glance. It's not an open source technology play, neither is it in the core infrastructure space. So what gives?

It strikes me that HackerOne shares more with Mickos' previous roles than first meets the eye. The key thing with open source initiatives is that they leverage the collective power and intellect of a huge range of individuals. Rather than internalizing development, as proprietary solutions do, open source seeks to harness collective power. That is precisely the model that HackerOne is following -- its values lies in being able to proactively engage with a massive number and range of hackers, and in doing so to test a solution far better than could be achieved with traditional models. This "power of the people" approach is common to both HackerOne and the open source projects that Mickos has been involved with.

Mickos is a hugely respected industry leader. True, Eucalyptus wasn't the success that was expected, and this will sting Mickos somewhat. It's a safe bet that in HackerOne he sees an opportunity to make amends for Eucalyptus and replicate the stellar success he created with MySQL.

This article is published as part of the IDG Contributor Network. Want to Join?

The march toward exascale computers
View Comments
Join the discussion
Be the first to comment on this article. Our Commenting Policies