Everything has become slower on HackerOne. I have noticed that older researchers receive all the private invites while newer ones receive fewer. The same goes for real-life events, where the same people are invited repeatedly. There are no clear guidelines for being invited to programs and conferences, and the process for receiving invitations appears arbitrary.
The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible to the reporter. This can cause gaps between what the finder has reported and what is explained to the program. If this communication is visible, it would benefit both parties.
Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports.
One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved.
HackerOne becomes your partner who executes all aspects of your bug bounty program, including triage, bounty pricing, and hacker relations, allowing you to fully focus on fixing vulnerabilities.
Everything has become slower on HackerOne. I have noticed that older researchers receive all the private invites while newer ones receive fewer. The same goes for real-life events, where the same people are invited repeatedly. There are no clear guidelines for being invited to programs and conferences, and the process for receiving invitations appears arbitrary.
The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible to the reporter. This can cause gaps between what the finder has reported and what is explained to the program. If this communication is visible, it would benefit both parties.
Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports.
One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved.