Skip to main content
TrustRadius
HackerOne

HackerOne

Overview

What is HackerOne?

HackerOne is a hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be exploited, from the company of the same name in San Francisco. The service is used for vulnerability location, pen testing, bug bounty, and…

Read more
Recent Reviews

TrustRadius Insights

Bug Triage System: Many users have expressed their appreciation for HackerOne's bug triage system, stating that they consistently receive …
Continue reading
Read all reviews
Return to navigation

Product Demos

Bug Bounty Hackerone login demo section

YouTube

Bug Bounty Product Demo with HackerOne Co-Founder Michiel Prins

YouTube
Return to navigation

Product Details

What is HackerOne?

As a hacker-powered security platform, HackerOne gives organizations access to a large community of hackers. Armed with a database of vulnerability trends and industry benchmarks, the hacker community mitigates cyber risk by searching, finding, and reporting real-world security weaknesses for organizations across all industries and attack surfaces. The vendor states its customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Intel, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Verizon Media. Headquartered in San Francisco, HackerOne has a presence in London, New York, the Netherlands, France, Singapore, and over 70 other locations across the globe.

HackerOne Video

HackerOne Competitors

HackerOne Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo
Supported CountriesGlobal
Supported LanguagesGlobal
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(12)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

Bug Triage System: Many users have expressed their appreciation for HackerOne's bug triage system, stating that they consistently receive updates on the status of their bug reports within the promised time frame. These timely updates provide users with transparency and reassurance.

Attractive Bug Bounty Programs: Reviewers have highlighted HackerOne's hosting of bug bounty programs with attractive payouts, noting that numerous well-known and reputable companies participate in these programs. This attracts skilled security researchers who are motivated to find vulnerabilities and earn rewards.

User-Friendly Interface: Users commonly find HackerOne easy to work with, emphasizing its user-friendly interface and intuitive design. The platform's usability makes it accessible to both experienced cybersecurity professionals and those new to the field.

Difficulties during verification: Some users have reported difficulties while transferring the bounty and going through the verification process on HackerOne. These challenges have been mentioned by multiple reviewers, indicating a recurring issue that needs to be addressed by HackerOne.

Unsatisfactory response time: The response time of certain programs on HackerOne has been consistently criticized as unsatisfactory by some users. This feedback highlights a need for improvement in terms of speed and efficiency in resolving issues raised by researchers.

Challenges for non-programmers: Users without a background in programming have expressed frustration with getting started on HackerOne, as they found the provided video series to be unhelpful in explaining key concepts. This feedback suggests the need for clearer and more accessible resources to accommodate users with diverse backgrounds and skill sets.

Reviews

(1-2 of 2)
Companies can't remove reviews or game the system. Here's why
Score 7 out of 10
Vetted Review
Verified User
Incentivized
We've been using HackerOne for a couple of years. It's a good collection point for bugs and discovered vulnerabilities. Having something to help screen and vet but bounty and security researchers is nice, especially with all the fake reports you can get when you publish an external bug bounty program.
  • Filter for spammy bug reports
  • Nice central interface
  • Payment/reward system is nice
  • I'd like to see a way for the end-user to set a minimum standard so those reporting are better vetted
Our security team will never scale like we'd like to do having this had been extremely helpful to manage, address, and payout vulnerabilities reported. I like having one "door" for this and not multiple ways to report stuff
  • Customer support
  • Customizability
  • More time for my team to address concerns and big filter though several things
These were very close and we liked HackerOne better. For a time we did have both and we felt the need to consolidate the information into one platform and end of life our internal offering. Overall we've been fairly happy with HackerOne.
March 28, 2016

HackerOne experience.

Jugpreet Talwar | TrustRadius Reviewer
Score 9 out of 10
Vetted Review
Verified User
Incentivized
I used HackerOne as a platform to report and verify security related issues on the website. It was used as part of the Security team. It allowed external security researchers to submit reports to us and was also used as means of tracking the issue and if the issue was a legitimate one, award a bounty. It was the primary medium of communication between the researchers and the department.
  • Easy to use
  • Multiple ways to categorize an issue so that it can be reported efficiently.
  • Gives an easy way to track issue and open issues again if they aren't resolved properly.
  • A lot of duplicate bugs get reported, although it does offer automatic suggestion of previously reported bugs that may be duplicates, it is far from perfect.
  • Anyone can report bugs, a lot of them are not verified before submission. This sometimes leads to a lot of time spent in verifying if the bug is really actionable.
  • Each submission has to be treated with equal potential, a lot of time, some time gets invested in vulnerabilities that aren't as important as some others.
It is one of the good platforms for security researchers to submit bugs and other vulnerabilities, it however, has some challenges, in terms of un-verified and duplicate submissions.
  • Bugs that can't be tracked internally are submitted by external researchers, which is an important factor for security vulnerabilities.
  • Even if the bugs reported are duplicates, there still is provision to award reputation points, that keep the researchers engaged.
  • It also requires a lot of verification and validation, as a lot of the submissions are unverified to begin with.
I haven't used any other products as such but I have read about bugcrowd.
Visual Studio.NET, Dynatrace
Return to navigation