November 2015 Feature Announcements

  • November 9th, 2015

We are excited to announce the new features we've added to HackerOne over the last two months. These features are available to use right now and we hope you check them out.

1. Improved Triggers [Settings > Triggers]

Our triggers engine has been updated with the ability to show an interstitial prior to report submission. When a trigger's criteria have been met, an interstitial appears to convey additional context to the hacker and ask for confirmation before the report is submitted. We hope this feature helps you avoid the submission of a number of out-of-scope reports or commonly reported false positives.

Here's a live example where ownCloud applied an interstitial trigger to communicate an intentional behavior in their infrastructure:

Interstitial trigger about ownCloud's SPF policy

2. Automated Scanner Detection

Automated vulnerability scanners are one of the more common sources of false positives on the platform. To help mitigate their impact, we've updated our report classification engine with detection for common outputs from these scanners that are frequently flagged as invalid by our customers. By allowing the hacker to double-check the report before submission, and making the response team aware of its higher propensity to be invalid, we expect the overall quality of submissions to improve. We're continuing to invest heavily in our capabilities around report classification and expect this engine to get even smarter.

This feature is automatically enabled for all programs.

3. SAML [Settings > Authentication]

Improved Single Sign-On options with support for SAML are now available as well. Response teams using an SSO provider to authenticate (such as Okta, Ping Identity, OneLogin, Bitium, and Google Apps) can authenticate to their HackerOne programs using those services for centralized authorization and identity management. More information can be found on our help center.

4. Suggest a Bounty [Set Award > Suggest Amount]

We often find that response teams have to meet to determine reward amounts. To assist in this process, we've built inline voting functionality to help teams more easily arrive at consensus. We believe this will also help you ensure more consistency with reward amounts.

Suggest a bounty and discuss with your team-mates

5. Report Abuse [In Report]

Disagreements or contentious discussions may occasionally arise in the course of investigating a report. We've often served as a mediator in these scenarios to assist both parties in arriving at a resolution. If any disagreements or discussions arise about which you'd like an independent opinion, you can now request mediation and our experts will provide guidance.

Request mediation or Ban a researcher from your program

6. Additional Integrations

Support for integrating with Slack, Redmine, and Freshdesk is now live. You can find more info on setting up integrations on our Help Center.

We hope you'll find these new features useful and are looking forward to what's next! Any questions, feedback, or requests? We're always available at support@hackerone.com.
