TrustRadius Insights for HackerOne are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.
Pros
Bug Triage System: Many users have expressed their appreciation for HackerOne's bug triage system, stating that they consistently receive updates on the status of their bug reports within the promised time frame. These timely updates provide users with transparency and reassurance.
Attractive Bug Bounty Programs: Reviewers have highlighted HackerOne's hosting of bug bounty programs with attractive payouts, noting that numerous well-known and reputable companies participate in these programs. This attracts skilled security researchers who are motivated to find vulnerabilities and earn rewards.
User-Friendly Interface: Users commonly find HackerOne easy to work with, emphasizing its user-friendly interface and intuitive design. The platform's usability makes it accessible to both experienced cybersecurity professionals and those new to the field.
We've been using HackerOne for a couple of years. It's a good collection point for bugs and discovered vulnerabilities. Having something to help screen and vet bug bounty and security researchers is nice, especially with all the fake reports you can get when you publish an external bug bounty program.
Pros
Filter for spammy bug reports
Nice central interface
Payment/reward system is nice
Cons
I'd like to see a way for the end-user to set a minimum standard so those reporting are better vetted
Likelihood to Recommend
Our security team will never scale like we'd like it to, so having this has been extremely helpful to manage, address, and pay out vulnerabilities reported. I like having one "door" for this and not multiple ways to report stuff.
Verified User
Engineer in Information Technology (1001-5000 employees)
I used HackerOne as a platform to report and verify security-related issues on the website. It was used as part of the Security team. It allowed external security researchers to submit reports to us and was also used as a means of tracking the issue and, if the issue was a legitimate one, awarding a bounty. It was the primary medium of communication between the researchers and the department.
Pros
Easy to use
Multiple ways to categorize an issue so that it can be reported efficiently.
Gives an easy way to track issues and open issues again if they aren't resolved properly.
Cons
A lot of duplicate bugs get reported; although it does offer automatic suggestion of previously reported bugs that may be duplicates, it is far from perfect.
Anyone can report bugs, and a lot of them are not verified before submission. This sometimes leads to a lot of time spent in verifying if the bug is really actionable.
Each submission has to be treated with equal potential; a lot of the time, some time gets invested in vulnerabilities that aren't as important as some others.
Likelihood to Recommend
It is one of the good platforms for security researchers to submit bugs and other vulnerabilities; it, however, has some challenges in terms of unverified and duplicate submissions.