HackerOne Platform Reviews & Product Details

Extremely easy to get starting. I like the community aspect of the platform, and had extremely positive interactions with some hackers that went above and beyond what was requested from them.

Some hackers are too imaginative for their own good and found the weirdest bugs in our application or platform. In my opinion, a good bug bounty program is way more valuable to us than regular pen testing. Review collected by and hosted on G2.com.

Triage can be slow at time and hit-and-miss depending on the complexity of the report and whether your systems are locked down.

Credentials Management is in dire need of improvements.

Some hackers do not respect the program guidelines, with Hackerone not interested in investigating or mediating breaches of conduct. This creates an environments where hackers gain more from not respecting guidelines if they eventually find something as a result. This can cost money and time to manage. Review collected by and hosted on G2.com.

HackerOne is an excellent platform for strengthening cybersecurity. The team is incredibly helpful, offering personalized advice to ensure you get the most out of the service. It is also a fantastic addition to any security strategy, filling gaps that traditional penetration tests might miss.

With a user-friendly interface and access to skilled ethical hackers, it’s a reliable and efficient way to manage vulnerabilities.

Highly recommend! Review collected by and hosted on G2.com.

At times, the triage process might struggle to reproduce an issue, which can require additional clarification.

Additionally, if your systems are highly locked down, setting up access and accounts for hackers can be time-consuming and require extra effort. This step is not inherently problematic but does demand proper planning to ensure the process runs smoothly and you can reap the benefits of using the program as soon as possible. Review collected by and hosted on G2.com.

I find HackerOne's VDP incredibly valuable. It provides a crucial extension to our limited internal resources, allowing us to leverage the expertise of a vast network of security researchers to identify vulnerabilities we might otherwise miss. Given our recent experience with asset loss highlighting gaps in our security posture, a proactive approach like HackerOne is essential for mitigating risk and improving our overall security. The platform's structured process for vulnerability disclosure and remediation helps us manage and prioritize fixes efficiently, even with limited personnel. It's a cost-effective way to enhance our security program and gain valuable insights from a diverse range of perspectives.

besides, Once in some cases, HackerOne will help you facilitate the working progress between your company and security researchers. Review collected by and hosted on G2.com.

The budget for HackOner is not a big deal for a small company like us :D Review collected by and hosted on G2.com.

HackerOne has been transformative for our security program. The platform connects us with top-notch ethical hackers, uncovering vulnerabilities that traditional tools missed. The interface is user-friendly, making it easy to manage and track reports. Their triage support helps us quickly validate and prioritize findings, saving our team time and effort.

The customization options, including private programs and flexible bounties, allow us to tailor the platform to our needs. Overall, HackerOne has improved our security and credibility, making it an excellent choice for any company focused on proactive security.

Key Pros

Skilled global talent pool

Clear UI and effective triage support

Flexible customization and insightful analytics Review collected by and hosted on G2.com.

Our budget took a little hit, but hey, security is priceless, right? 😅 Review collected by and hosted on G2.com.

HackerOne's main strength is the hacker cohort it comes with, and the ease of rewarding said hackers. We rely on the triage team to handle the noise to separate the real risks from the chaff. HackerOne has extensive API capabilities that are essential to our usage. Review collected by and hosted on G2.com.

HackerOne is only one Bug Bounty vendor, and it's not certain what HackerOne does to attract hackers that have not used HackerOne, or have left in the past. Some functionalities are behind in the times, such as hacker credential issuance functionality, and when new features roll out, they often don't have a "try this new interface" function to get used to the new way things are laid out. The Triage team can be quite lacking in response speed and accuracy, especially with complex risks. Review collected by and hosted on G2.com.

I’ve been using H1 for a while, and one of the things I like is how easy it is to discovery and track of everything. It’s great in the moment to connect our team with security researchers, helping us find vulnerabilities before they turn into potential security incidents. What stands out to me the most is you can customize bounty programs to fit your goals. Review collected by and hosted on G2.com.

H1 is a great platform, but like anything, there’s room for improvement. Setting up a bug bounty program for the first time can feel a bit overwhelming, especially if you’re new to it and not sure where to start. But this is not a pitfall at all honestly. Review collected by and hosted on G2.com.

Our experience with HackerOne has been consistently positive. As a company, we've felt well-supported, with all our needs addressed promptly and efficiently. The team demonstrates a clear understanding of our requirements and ensures everything is handled in a timely and professional manner.

The platform has been a valuable resource, helping us improve our security posture while providing the peace of mind that comes with a dependable partner. HackerOne has proven to be a solid choice for our organization, and we’re very satisfied with the results. Review collected by and hosted on G2.com.

While HackerOne delivers great value overall, there are some limitations in the analytics and statistics functionality that could be improved. For instance, the inability to filter data by open or closed reports makes it challenging to focus on the most relevant findings. Additionally, severity levels like none, low, and medium are grouped together, which makes it harder to analyze trends or prioritize based on specific severity tiers.

The analytics interface itself could benefit from a more streamlined and user-friendly design. It sometimes feels cluttered, making it less intuitive to navigate and extract actionable insights. Enhancing these aspects would make the analytics feature significantly more effective for tracking and optimizing our security performance. Review collected by and hosted on G2.com.

As an organization that had paid limited attention to application security before contracting with HackerOne, it was easy to get started and immediately see clear value and return. We still have a relatively junior application security program, but we've made huge leaps thanks to the experience gained from the program. Researchers have shown us how to bypass major defensive controls, development groups have been caught violating best practices, and associated vendors with security assurances have been discovered to be not-so-secure.

It can be quite the investment, but we can feel our organization getting stronger because of this product. Review collected by and hosted on G2.com.

HackerOne Triage services can feel inadequate at times. Our contacts have always been receptive to hearing us out and adjusting things when needed, but it's always been an uphill battle to get consistent service. This applies to both the quality and speed of service. Sometimes submissions are processed before we even know they arrived, and sometimes the summaries by the triagers are better than the actual hacker's reports. However, the opposite end of the spectrum is also true in equal proportion, even when routinely working with the same triagers.

The platform also lacks important asset management settings, reward calculation options, and reliable metrics. The current system does the job, but more robust tools would be ideal given the need to be precise, ethical, and fair while issuing financial rewards and having to justify those figures back to your organization. Review collected by and hosted on G2.com.

HackerOne’s most helpful feature is its streamlined interface for managing bug bounties and coordinating with skilled ethical hackers. The platform enables us to submit, track, and prioritise vulnerabilities with ease, while detailed reporting helps our engineers to understand and fix issues quickly. Additionally, the platform’s vast network of researchers offers a diverse range of expertise, uncovering security gaps that might be missed in-house.

The key upsides of using HackerOne are the broad vulnerability coverage and the in-depth metrics that help us demonstrate program impact and effectiveness. The support from HackerOne’s team make the ongoing management of our program are seamless. Review collected by and hosted on G2.com.

Honestly, nothing. It is every improving and adding features, making it easier. New addition of Ai integration has made things faster for us too. Review collected by and hosted on G2.com.

While I've participated in many bug bounty programs over the years, this is the first time I've ran one as the lead. The HackerOne team (Mostly Olivia, our CSM) has made it very easy for me to make this transition, from helping us with key metrics to understand how our program is doing, what we could improve to make it better, and also framing the impact the program has had to our customers and internal stakeholders. Review collected by and hosted on G2.com.

Even after using it for about 2 years now, it is still hard for me to keep where everything is in my head as I find the UI confusing and not intuitively coupled. For example, where your program settings live compared to where your metrics dashboard is. Review collected by and hosted on G2.com.