HackerOne Reviews

Name: HackerOne
Brand: HackerOne
Rating: 4.3 (4 reviews)

Vendor: HackerOne

4.3 out of 5

4 reviews
83% willing to recommend

Post review

What is HackerOne?

HackerOne becomes your partner who executes all aspects of your bug bounty program, including triage, bounty pricing, and hacker relations, allowing you to fully focus on fixing vulnerabilities.

Get the Bug Bounty Platforms Buyer's Guide and find out what your peers are saying about HackerOne, Bugcrowd, Synack and more!

HackerOne is the #1 ranked solution in top Bug Bounty Platforms, #2 ranked solution in top Penetration Testing Services, #9 ranked solution in top Attack Surface Management (ASM) solutions, #30 ranked solution in application security solutions, and #41 ranked solution in top Vulnerability Management solutions. PeerSpot users give HackerOne an average rating of 8.6 out of 10. HackerOne is most commonly compared to Bugcrowd: HackerOne vs Bugcrowd. HackerOne is popular among the large enterprise segment, accounting for 59% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a computer software company, accounting for 17% of all views.

Buyer's Guide

Vulnerability Management

December 2024

Get the category report

Helped 831,071 peers since 2012

Featured reviews

Hrithik Kumar

SAP Security and GRC Consultant at Skillmine Technology Consulting

In college, I started using HackerOne and taught my 10-20 juniors how to use it. I'm sure they might still be using it in their lives right now. The biggest challenge integrating HackerOne into my existing security protocols has been on my side, not the tool's. I need to take the time out to use and practice with it, but currently, I'm unable to give it the time I used to. There's no issue from the application side. To use the tool, you first need a basic knowledge of cybersecurity terms, like exploits and vulnerabilities, and how to identify them. Once familiar with these basics, you can learn more from the resources and platforms HackerOne provides. They offer tickets and guides to help you understand the methods for finding and exploiting vulnerabilities. Before deciding to use the solution in your organization, consider the purpose. HackerOne is a multi-platform. If the goal is to spread awareness about cybersecurity or to make the security team more active in learning about hacking methods and new vulnerabilities, then it can be very effective. It allows the team to earn extra money while learning and exploring new vulnerabilities in the market, potentially even finding zero-day vulnerabilities. I would rate HackerOne around an eight to nine out of ten. The application is simple to use, offering numerous opportunities and scopes for exploration. It covers many platforms, including web, Android, and iOS applications. However, the high traffic can sometimes be a drawback. If they manage this issue by implementing features like consolidation pricing for duplicate vulnerabilities, it could easily be a ten out of ten.

Read full review

Jagdish SM

QA Engineering Lead at Confidential

I use the tool for vulnerability assessment and testing. The most valuable feature of HackerOne is its variety of programs. These programs provide depth into various areas, such as mobile, API, and websites. Response time can be improved. The HackerOne Trust team can be slow to respond…

Read full review

reviewer2543502

Security Engineer at PhonePe

The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible to the reporter. This can cause gaps between what the finder has reported and what is explained to the program. If this communication is visible, it would benefit both parties.

Read full review

HackerOne mindshare

Product category:

As of January 2025, the mindshare of HackerOne in the Bug Bounty Platforms category stands at 36.3%, up from 34.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Bug Bounty Platforms

Key learnings from peers

Last updated Jan 3, 2025

Valuable Features

HackerOne offers access to an experienced hacker community with diverse skills, third-party integrations including payment and project management tools, quick results, and direct dialogue with companies. Support is responsive, and a wide array of programs is available across sectors. Useful for freelancing and beginners in bug bounties, programs provide depth in various areas like mobile and web. Users appreciate the streamlined process for addressing vulnerabilities without long delays.

"It helps me to get new sales, profits, and other benefits."
"The most valuable feature of HackerOne is its variety of programs. These programs provide depth into various areas, such as mobile, API, and websites."
"Apart from getting all the bug bounty opportunities, we also get the chance to practice in a safe environment, like a demo setup. These features are great for beginners who want to explore bug bounties in the future."

Room for Improvement

HackerOne's HackBot has limited integration capabilities and could benefit from more automated services beyond Slack. Increased competition for bounties often disadvantages those reporting second, even after investing time. Response times are slow and could be enhanced with AI usage. Transparency in communication between triagers and programs is lacking, which may lead to misunderstandings when issues are reported. Access to these conversations could provide clarity for both parties involved.

"The ability to view the conversation between the triagers and the programs will be really good."
"Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports."
"One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved."

Pricing

HackerOne users report a 20% fee on awards, where hackers keep the remaining 80%, i.e., $200 for a $1000 award. Many users mention open-source accessibility and free usage for bug bounty hunters. Larger enterprises might have a subscription option, indicating potential costs for advanced features or larger setups, but the core solution is described broadly as free, highlighting affordability for organizations seeking cybersecurity solutions.

"The solution is free."
"The tool is open-source and free for bug bounty hunters."

Stability

Users report no issues with HackerOne's stability. They find it consistently stable, encountering only minor bugs. No significant problems related to breakdowns or bugs have been noted.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Bug Bounty Platforms Buyer's Guide for additional reliable information.

Top industries

By visitors reading reviews

Computer Software Company

17%

Manufacturing Company

11%

Financial Services Firm

11%

Comms Service Provider

10%

University

Energy/Utilities Company

Government

Insurance Company

Healthcare Company

Educational Organization

Media Company

Retailer

Hospitality Company

Non Profit

Leisure / Travel Company

Legal Firm

Real Estate/Law Firm

Performing Arts

Transportation Company

Construction Company

Consumer Goods Company

Aerospace/Defense Firm

Outsourcing Company

Pharma/Biotech Company

Recreational Facilities/Services Company

Logistics Company

Wholesaler/Distributor

Venture Capital & Private Equity Firm

Compare HackerOne with alternative products

Learn more about HackerOne

HackerOne was previously known as HackerOne Assets, HackerOne Pentesting Services, HackerOne Security Assessments, HackerOne Vulnerability Management.