Excellent CSM Support and an Ever-Improving Automation Platform
What do you like best about the product?
excellence service provided by your CSM and the ever improving platform such as HAI and automation are my favourite feature
What do you dislike about the product?
High pricing and slow response from H1 triage team
What problems is the product solving and how is that benefiting you?
I’m a big fan of HAI, AI summary and intake agent. With the number of reports growing lately, these features have been a lifesaver. They let me quickly understand the core of each report and oversee the whole program without spending hours on manual reading.
Strong Bug Bounty Platform
What do you like best about the product?
The HackerOne platform provides a clear and structured channel for security researchers to report vulnerabilities, ensuring consistent quality, relevance, and prioritization of submissions. The built-in triage capabilities significantly reduce our internal validation effort, while the centralized communication platform enables reliable, streamlined interaction with researchers without the risk of losing reports due to email filtering issues.
What do you dislike about the product?
Although the triage process clearly adds value, response times can sometimes be slower than expected, which can cause delays in validation and in the subsequent handling of submissions.
What problems is the product solving and how is that benefiting you?
HackerOne increases our visibility within the security research community, making it easier for researchers to engage with us. It centralizes all vulnerability reports in a single platform, which helps streamline handling, reduce duplicate submissions, and minimize noise, allowing us to focus on relevant and high-quality findings.
One of the best BB platform
What do you like best about the product?
I appreciate being connected with a relevant community, which enables us to identify serious and impactful vulnerabilities across our scope. The ticketing interface is quite user friendly, and I found the initial setup of the HackerOne Platform quite easy.
What do you dislike about the product?
I believe HackerOne should introduce an ACK status to acknowledge the initial review of a report.
What problems is the product solving and how is that benefiting you?
The HackerOne Platform enables me to engage with a community that helps identify serious and impactful vulnerabilities across our scope.
Straightforward, Practical Vulnerability Management with Clear Visibility
What do you like best about the product?
I like how straightforward and practical it is. It makes it easy to work with hackers, keep track of vulnerabilities, and manage everything in one place without it feeling heavy or complicated. It also gives good visibility into what actually matters, which helps when you need to explain things to leadership or prioritize fixes.
What do you dislike about the product?
For busy programs, the number of notification emails that arrive every morning can be very confusing. It would be really helpful if these updates could be summarized so it’s clearer what’s happening at a glance. Right now, some emails include responses from the HackerOne team, while others are usually responses from our team, and it’s hard to quickly tell them apart. A simple summary would make it much easier to keep everything organized and easy to follow.
What problems is the product solving and how is that benefiting you?
It centralizes vulnerability reporting, triage, and remediation in one place, which makes the overall process much easier to manage. It reduces noise and helps us focus on the real, high-impact risks instead of getting distracted by low-value findings. It also provides clear ownership, tracking, and visibility into vulnerabilities, so nothing gets lost and progress is easy to follow. Communication with stakeholders is smoother, and collaboration with hackers feels more structured and productive. Overall, it enables faster and more consistent remediation across teams.
Powerful Bug Bounty Platform with Room for Improvements
What do you like best about the product?
I love the quality of the researcher community on the HackerOne Platform. The reports we receive are usually well written and reproducible, which makes our job way easier. It really helps us scale our security testing by allowing external researchers to find issues like IDORs, SSRFs, and logic flaws, which is huge. The triage and payout flow save us a lot of time. Additionally, their team helped with the smooth setup by scoping the program and defining policy.
What do you dislike about the product?
The dashboard can feel a bit cluttered when you have a lot of reports, and reporting/analytics could be more flexible. Pricing also gets pretty steep as you scale. Custom dashboards and exports are a bit limited. We'd love to slice data by asset, severity, and time more freely, and pull cleaner CSV/API data for our own BI tools. Trend reports across programs would also help.
What problems is the product solving and how is that benefiting you?
I use HackerOne Platform to scale our security testing, engage external security researchers, and triage reports efficiently. It saves us time with structured payouts and tracking vulnerabilities.
Competent Triaging, but Automation Needs Improvement
What do you like best about the product?
I like that the second-tier triager on the HackerOne Platform is quite competent. He’s nearly always right, which saves me many hours because he’s very often right.
What do you dislike about the product?
The automations are broken, and the early warning system is really trigger happy. Being more reliable—right now, our automations are mostly broken. Ram and HAI issues.
What problems is the product solving and how is that benefiting you?
HackerOne Platform provides a place for the public to send us bugs and handles their validation and rewards, saving me many hours.
Vital for Security with Top Hackers
What do you like best about the product?
I appreciate that the HackerOne Platform gives us access to some of the top hackers in the world. The platform provides best in class tooling for us to manage their reports. By having top hackers, we are more likely to find serious security issues before adversaries do.
What do you dislike about the product?
Triage can be slow and painful, or make mistakes because they don't know the product as well as company employees. The premiums to run on the platform can be quite high, especially relative to professional services hours actually given or triage times.
What problems is the product solving and how is that benefiting you?
It allows us to receive responsible disclosure of security vulnerabilities from researchers and hackers in exchange for financial compensation.
Streamlined Security with Expert Support
What do you like best about the product?
I like the ease of understanding the report and the triaging done by the HackerOne team. It saves a lot of time for us since the initial triaging is done by them, and then they provide us with a final detailed report that we can work on directly. The expertise from the HackerOne team makes it easier for us to have back and forth questions if we have any technical questions related to the findings. They also coordinate with the researcher, which solves a lot of problems for us. The initial setup was pretty much straightforward and didn't take much time. The guided setup made it easy for us to set up and onboard members.
What do you dislike about the product?
Nothing in particular. Maybe, yeah. I think probably if HackerOne conducts events where organizations are invited and maybe they can give a walk through about the product and any new features, that would be something useful.
What problems is the product solving and how is that benefiting you?
I use HackerOne Platform to get reports from researchers, helping us strengthen our product by identifying and fixing gaps we couldn't find ourselves. This leads to more detailed analysis and better product improvement.
Crowdsourced security has strengthened our bug discovery and improved vulnerability response
What is our primary use case?
Our main use case for HackerOne is to create a bridge between the organization and a global community of ethical hackers where we ask them to find bugs in our environment, and based on that, they provide us the bugs we have.
A quick example of how I've used HackerOne is that it provides us bug bounty programs and vulnerability disclosure programs where multiple bug bounty hunters submit their findings about the organization, and those vulnerabilities or bugs are fixed by us. For instance, we received many alerts about expired or mismatched SSL certificates.
We utilize HackerOne's web page where we log in to see what vulnerabilities are there and what else has been discovered, and based on that, we pick and work on the issues we need to fix.
What is most valuable?
HackerOne offers bug bounty programs, vulnerability disclosure programs, red teaming, attack surface management, and other valuable features.
I find bug bounty programs most valuable for our organization because they invite researchers from around the globe to find bugs in our environment, allowing us to fix various severity vulnerabilities or bugs that, if left unaddressed, could lead to losing customers.
HackerOne has positively impacted my organization as hiring red teamers to find vulnerabilities would have taken a lot of time, but through HackerOne, we access a vast number of ethical hackers who help identify bugs, which is invaluable for us.
What needs improvement?
HackerOne is already doing well, although I believe implementing stricter SLAs for the time to first response and time to bounty would help prevent researchers' burnout, especially regarding duplicate submissions.
I suggest systematic bug rewards because currently, if a researcher finds one bug in multiple places, they often only get paid for one. Improving the handling of systemic vulnerabilities would encourage deeper research. Additionally, improving multi-currency and crypto payout options would help make the platform more accessible globally.
For how long have I used the solution?
I work in my current field for 7.5 years.
What do I think about the stability of the solution?
What do I think about the scalability of the solution?
HackerOne's scalability is designed to solve noise problems that typically kill security programs as they grow. It maintains a high signal-to-noise ratio and addresses scalability through infrastructure, triage services, and AI automation, ensuring it handles more reports effectively.
How are customer service and support?
Customer support can improve, as there are instances of ghosting that need to be addressed. I would rate customer support a six out of ten.
Which solution did I use previously and why did I switch?
I am using HackerOne only, with no previous solutions.
How was the initial setup?
I'm not very sure about pricing, setup costs, and licensing, as those are managed by our management team.
What about the implementation team?
We are just a customer of HackerOne, without any business relationship beyond that.
What was our ROI?
I notice a return on investment through the group of researchers at HackerOne identifying vulnerabilities, saving us money, time, and manpower, with the efficiency of HackerOne allowing them to accomplish in three to four hours what would take two red teamers a whole day.
What's my experience with pricing, setup cost, and licensing?
I'm not very sure about pricing, setup costs, and licensing, as those are managed by our management team.
Which other solutions did I evaluate?
Before choosing HackerOne, we evaluated competitors such as Bugcrowd and Intigriti but opted for HackerOne due to its typical rating of 8.5 out of 10 and its enterprise-grade programs.
What other advice do I have?
My advice for others looking into using HackerOne is that it stands above competitors such as Bugcrowd, Intigriti, and Synack, making HackerOne preferable. We covered all the important points regarding HackerOne. I gave this review a rating of 8 out of 10.
Which deployment model are you using for this solution?
Public Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Hackerone Platform Review
What do you like best about the product?
Some of the best researchers in the world are on Hackerone. I’m also impressed with how Hackerone managers work with clients: even though thousands of reports come into the H1 triage queue, if you need to escalate something on a report, the platform managers take action and help get it reviewed.
What do you dislike about the product?
There’s really nothing to dislike. I understand that, from an H1 triage perspective, when they receive thousands of reports, it’s tough to triage every single one. However, sometimes they leave even a critical vulnerability for a week if we don’t raise the concern with their manager to get it reviewed.
What problems is the product solving and how is that benefiting you?
Sometimes researchers find RCE or command injection issues and provide a properly working proof of concept. That’s exactly what an organization needs at that point in time, because it helps them understand whether they are affected.
