Overview
Service Information on HackerOne
What is HackerOne?
HackerOne Pricing
Overall experience with HackerOne
“Efficient Platform Facilitates Transparency and Trust in Hacker Engagement Process”
“Understanding the Paradox: The Constrained Value of Public VDP Programs”
About Company
Company Description
HackerOne helps organisations with Continuous Threat Exposure Management (CTEM). The HackerOne Platform unites agentic AI solutions with the ingenuity of a global community of security researchers to continuously discover, validate, prioritize, and remediate exposures across code, cloud, and AI systems. Through solutions like bug bounty, vulnerability disclosure, agentic pentesting, AI red teaming, and code security, HackerOne delivers measurable, continuous reduction of cyber risk for enterprise organisations around the world.
Company Details
Do You Manage Peer Insights at HackerOne?
Access Vendor Portal to update and manage your profile.
Key Insights
A Snapshot of What Matters - Based on Validated User Reviews
Reviewer Insights for: HackerOne
Performance of HackerOne Across Market Features
HackerOne Likes & Dislikes
The flow of submissions through the platform and validation/prioritisation by triage means my team can focus on the findings that have real risk associated with them. HackerOne has one of the best implementations of AI that I have seen in any commercial product as of yet. The insights, ability to pull data from submissions and draw out complex exploits saves a huge amount of time. I can curate reports from common data points to the very complex at speed and with accuracy. The quality of reports and the depth of findings that would not have been picked up by traditional detections alone make the HackerOne community so invaluable to security programs.
This service works well for internal programs which are not public
The services provided by HackerOne are very customizable. It's not just a tick box service that you purchase and deploy. They will work with you on what your needs are and customize a program or service that works for your organization. This is helpful for many organizations that are still maturing in this area and not ready to go all out and enable all services. Not many organizations allow for this customization and want you to deploy a full program that you may not be ready for. HackerOne succeeds in this area and is truly customer focused.
While the majority of the hacker community are fantastic, you can sometimes come across someone who does not behave in a professional manor but the HackerOne Mediation team have always been able to assist in these scenarios. This is more of an industry problem than vendor specific. Standard reporting within the UI can be a little disjointed at times, but the Insights feature makes building out reports off platform easy to manage.
publicly listed programs have barely any intel and information, this makes things difficult and adds additional cost just to run a service which derives vaule for the business
One of the pitfalls regarding the service is the turnover of employees used within the service. This causes mixed results at times depending on the service in use and the workflows in place such as determining between VDP and BB or what queue the findings should be placed in to. Runbooks need to be clear and straightforward due to the turnover of analysts on the HackerOne team. The security researchers that are finding vulnerabilities come and go, but most are permanent fixtures of the program and drill deep to find the most difficult vulnerabilities related to your organization.
Top HackerOne Alternatives
Peer Discussions
HackerOne Reviews and Ratings
- Manager, IT Security and Risk Management10B+ USDRetailReview Source
Efficient Platform Facilitates Transparency and Trust in Hacker Engagement Process
It's a really easy platform to work with and the support provided by all at HackerOne takes the stress away from managing and engaging with ethical hackers. The model and how we engage with the hacker community is very well designed, allowing for transparency and building trust between the programs and hackers. - VP, IT Security and Risk Management10B+ USDReal EstateReview Source
Transitioning From Private To Public Vulnerability Programs Reveal Increase In Security Findings
Our overall experience with HackerOne has been very good thus far. We started with a vulnerability disclosure program on a private basis. We then transitioned to a public vulnerability disclosure program and that transition went very well with just a few months with an uptick in findings but overall, a great move for our organization. We also use HackerOne for a private and limited bug bounty program. We are slowly maturing in this area and working with HackerOne to grow the program and eventually move this to a public setting similar to our vulnerability disclosure program. The findings these security researchers find are amazing and truly allow your organization to find one off findings that a standard pen test would not pick up. - Audit Manager1B-10B USDIT ServicesReview Source
Good platform but requires internal commitment
My overall experience with HackerOne has been very positive, moving from average to outstanding as we've matured our program and not facing any issues since I started using this platform. HackerOne provides an essential service by connecting our organization with a global pool of security talent, and it has fundamentally improved our ability to identify and remediate vulnerabilities. - IT Security & Risk Management Associate1B-10B USDReal EstateReview Source
Access to Diverse Security Talent Balanced by Slow Report Triage Response Times
Hackerone does a good job providing a large base of hackers or testers that we would otherwise not have any easy way of getting access to. The triage team tends to work quite slowly, and this does impact our ability to work with the hackers on getting them fairly and properly compensated for cases where it is applicable. - Security Engineer50M-1B USDSoftwareReview Source
An Effective Platform For Connecting With Researchers and Strengthening product security
Overall, I've had a really positive experience with the platform. It gives us an organised way to work with the creative security researcher community, which has made it easier to find and fix potential exploits quickly. The collaboration tools are easy to use, and the support from CSM has been responsive. The platform has helped strengthen our InfoSec program and improved researcher engagement.