Branding
HACKERONE
Branding

palette
HACKERONE
Colors

Primary Colors

HackerOne Pink(40)
 
Hex
#F922A3
RGB
249, 34, 163
CMY
0, 91, 0, 0
PMS
232C
HackerOne Blue(40)
 
Hex
#1832FE
RGB
24, 50, 254
CMY
84, 54, 0, 0
PMS
2728C
HackerOne Neon Green(30)
 
Hex
#3FFD5A
RGB
63, 253, 90
CMY
68, 0, 100, 0
PMS
802C

Neutral Colors

The neutral gray palette has been developed to provide shades of equidistant decreasing value of 10 from Gray 90. These shades are primarily used by the design team for use in website UI.

Gray 90

Hex
#0A0A0A
RGB
10, 10, 10

Gray 80

Hex
#3A3C45
RGB
58, 60, 69

Gray 70

Hex
#5C5A6A
RGB
92, 94, 106

Gray 60

Hex
#727581
RGB
114, 117, 129

Gray 50

Hex
#92959E
RGB
146, 149, 158

Gray 40

Hex
#AAACB4
RGB
170, 172, 180

Gray 30

Hex
#C5C7CD
RGB
197, 199, 205

Gray 20

Hex
#D6D7DD
RGB
214, 215, 221

Gray 10

Hex
#E7E8EC
RGB
231, 232, 236

Gray 5

Hex
#F7F8F9
RGB
247, 248, 249

Secondary Colors

Secondary colors can be used in infographics, diagrams and charts where an extended color palette is needed.

Dark Pink

Hex
#E10E71
RGB
225, 14, 113

Burgundy

Hex
#7E0462
RGB
126, 4, 98

Purple

Hex
#905FF0
RGB
144, 95, 240

Gold

Hex
#F1A92E
RGB
241, 169, 46

Orange

Hex
#FF641F
RGB
255, 100, 31

Peach

Hex
#FFB185
RGB
255, 177, 133

Forest Green

Hex
#0C9B66
RGB
12, 155, 102

Mint

Hex
#84D5B9
RGB
241, 169, 46

Aqua

Hex
#53C1D9
RGB
83, 193, 217
Hex
#12224F
RGB
18, 34, 79

Ocean

Hex
#1E43A9
RGB
30, 67, 169

Mid Blue

Hex
#285DF2
RGB
40, 93, 242

Violet

Hex
#D653D9
RGB
214, 83, 217

Brown

Hex
#571D21
RGB
87, 29, 33

Champagne

Hex
#E4DAA2
RGB
197, 199, 205

Copper

Hex
#AA712C
RGB
170, 113, 44

Color Usage

The following diagram should be used as a guide for the balance of brand colors in layouts. Black and white should be used for layout backgrounds. Blue is main brand accent color, followed by green, and to a smaller extent, pink.

 
 
 
 
 

Color Usage Don'ts

  • Do not use solid blue, pink or green as background colors in layouts

  • Do not use pink or green for text

  • Do not create large pink shapes which can distract from the design

Gradients

Circle gradients are used in the HackerOne brand.The brand pink and blue are used

Pink and blue gradient on black background

HackerOne Pink #F922A3
75% Opacity

HackerOne Blue #1832FE
75% Opacity

Only blue gradient is used on white background

HackerOne Pink #1832FE
15% Opacity

Examples in use

Only blue gradient is used on white background

Only blue gradient is used on white background

dashboard
HACKERONE
Content Templates

Below are the links to branded content templates for HackerOne.

Data Sheets

Responsive image

Case Studies

Responsive image

White Papers

Responsive image

Solutions Brief

Responsive image

Business Cards

Responsive image
pie_chart
HACKERONE
Icons and Diagrams

Custom Icons

Below are the custom icons used by HackerOne. Custom Icons can be used to represent a more complex idea or abstract concept that is outside the standard icon library.

Gradient icons can be used in stand alone situations where icons are not paired with Google Material icons or in diagrams. One-color icons should be used in diagrams or when closely paired with Google Material icons.

Responsive image
Hackers
The merger of the light bulb,the shield and the person represents the creativity and human ingenuity that Hackers bring to Cyber security
Responsive image
Skills/Talent
Bubbles of various skills – represented by common security icons (API and internal Network) – orbit a selected hacker representing the client’s ability to select for certain skillsets.
Responsive image
Continuous security testing
The lock and circle become one endless loop speaking to a holistic, continuous and all encompassing protection provided by HackerOne
Responsive image
Cloud Security
the cloud and the shield merge to show total protection of data in the cloud. The lightening represents this security as a powerful force.
Responsive image
Application Security
The app screen – a common application security symbol – is embedded within an impenetrable shield generated from the gear, representing the unbreakable ongoing protection provided by HackerOne’s application security.
Responsive image
Vulnerability Management
The dots forming a cyclical barrier around the core speak to how HackerOne’s human expertise monitors and covers the entire attack surface better by providing multilayered proctection driven by human ingenuity
Responsive image
Compliance
The linked document and ribbon represent how HackerOne’s exceptional security keeps companies compliant with regulators
Responsive image
Protection / Assets
The Dome around the a gathering of different geometric shapes represents how HackerOne provides an unbreakable barrier of protection around a wide variety of assets - securing their most valuable data, infrustructure, and applications from malicious attacks.
Responsive image
Insights
The gear in the eye represents the ongoing process of insights, while the connected data-points speak to HackerOne Insights ability to connect and provide visibility into their client's security landscape.
Responsive image
Triage
The flow from alert into various symbols below represents the effecient and intelligent prioritization and routeing in HackerOne’s triage service
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image

Standard Icon Library

HackerOne uses icons from Google Material Library. The outline icon set should be used for HackerOne brand.

lock
vpn_key
screen_search_desktop
access_time
phonelink_lock
bug_report
laptop
auto_graph
report
assignment
account_tree
no_encryption
psychology
leaderboard
security_update_warning
person
assignment_late
gpp_maybe
phone_link
description
keyboard
mouse
new_releases
find_in_page
auto_graph
3p
account_tree
account_circle
folder_shared
drafts

Diagrams

HackerOne diagrams are used to clearly explain our platform and process. When building a diagram, utilize the Google Material iconography library and the custom icons created for HackerOne programs. Consistency should be maintained in the line weight and box colors. The secondary color palette should be used for more complicated charts and graphs. Pink should be used sparingly and intentionally to represent HackerOne and call attention to important HackerOne processes.

Diagram Lines
Line weight : 1.5px
Dash : 4px
Color : Black
-------------------------->
End Point
Black Triangle
Label
Ubuntu Mono
Spacing : 0.8px
Caps

Responsive image
VULNERABILITY
MANAGEMENT
label Box
Fill : Gray 5
Outline : Gray 30

REFINE
  • Use HackerOne insights to
    benchmark results against post tests
    and industry peers
  • Improve by improving vulnerabilities
    from scanners and VRM systems
    into HackerOne platform to triage and remediate
Continuous Security Testing Platform
Chart: Continuous Security Testing Platform
HackerOne in the Vulnerability Management Lifecycle
Chart: HackerOne in the Vulnerability Management Lifecycle
HackerOne in the Vulnerability Management Lifecycle
Chart: HackerOne in the Vulnerability Management Lifecycle
HackerOne Response
Chart: HackerOne Response
Software Attack Risk
Chart: Software Attack Risk
Branding
HACKERONE
Logo Usage

Wordmark Usage

The wordmark, also known as the logotype, is the primary mark that should be used. The wordmark should always be surrounded by clear space that is equal to the x-height of the lower case letter forms in the wordmark (shown).

Responsive image
Minimum size: Digital 75px wide
Minimum size: Print .75 inches wide
Responsive image

Logo Use

The wordmark and logo can be shown in black or white. Other colors, with the few exceptions noted below for the logo, are not permitted. The logo, also known as the glyph, should be used in situations where the wordmark is too large, e.g., a web favicon or bookmark. It can also be used as an accent where the wordmark is also used. It should not be used on its own in other situations as people outside the company likely do not know what it stands for. The logo should always be surrounded by clear space that is equal to the x-height of the lower case letter forms in the wordmark (shown).

The H1 mark should only be placed in a square shape. No other shapes (circle, rectangle, triangle, etc.) are used to contain the H1 mark.

Responsive image
Responsive image
Responsive image
Minimum size: Digital 75px wide
Minimum size: Print .75 inches wide
Responsive image

Wordmark and Logo Colors

The wordmark and logo can be shown in black or white. Other colors, with the few exceptions noted below for the logo, are not permitted.

Responsive image
Responsive image

Special Event Exceptions

To support certain community causes, the logo may be shown in pink (Breast Cancer Awareness), rainbow (Pride), and African flag (Juneteenth).

Responsive image

Breast Cancer Awareness

Responsive image

Pride

Responsive image

Juneteenth

Wordmark and Logo Misuse

Responsive image
block
Don't add drop shadow
Responsive image
block
Don’t distort.
Responsive image
block
Don’t use low resolution files.
Responsive image
block
Don’t place the logo against a background of a similar color or over imagery that negatively affects the visibility of the wordmark or logo.
Responsive image
block
Don’t place the H1 mark in a circle or any other shape.

Co-branding Guideline

Responsive image
Responsive image
Responsive image
Responsive image

Partner Co-branding

When showing HackerOne with a partner brand, both logos should have equal sizing. Be sure to keep enough white space around each logo to ensure that they read individually. The order of the logos will depend on the partnership and should be determined on a case-by-case basis.

Responsive image
Responsive image
Responsive image
subject
HACKERONE
Nomenclature

1. HackerOne Description and Company Boilerplate

HackerOne Description

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer. Our platform is the industry standard for ethical hacking solutions. We partner with the global hacker community to surface the most relevant security issues of our customers before they can be exploited by criminals. HackerOne is headquartered in San Francisco with offices in London, and the Netherlands. Investors include Benchmark, New Enterprise Associates, Dragoneer Investments, and EQT Ventures.

HackerOne Boilerplate

HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include Citrix, Coinbase, Costa Coffee, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Microsoft, PayPal, Singapore’s Ministry of Defense, Slack, the U.S. Department of Defense, and Yahoo. In 2021, HackerOne was named as a ‘brand that matters’ by Fast Company.

2. Product Names
How to use HackerOne product names:
  • On the first use, write HackerOne Product Name. Examples: HackerOne Response, HackerOne Bounty, HackerOne Assessments: Application Pentest for AWS
  • On the second use, write capitalized product names. Examples: Response, Bounty, Application Pentest for AWA
  • Do not use internal abbreviations like H1R, H1B.
  • When referring to a bug bounty program, do not capitalize Bug Bounty.
  • When referring to a VDP, do capitalize the Vulnerability Disclosure Program.
3. How to Write About Hackers

Hackers are doing the world a service. We stand by the majority of them hacking for good.

  • In the first introduction, you may write "ethical hacker" or "ethical hacking." For subsequent mentions, write "hacker" or "hacking."
  • Use the term "security researchers" in government content as required or further explain hackers, such as "hackers, also known as security researchers."
  • Avoid the use of "white hat" or "black hat" to describe hacking. These terms are racially inappropriate, and "white hat" is not distinct from ethical hacking. Also, avoid "finders" as this is also not distinct from ethical hacking.
panorama
HACKERONE
Photography

Human-Centered Photography

Human-centered photography should be diverse, personal, dynamic, and natural. Hacker events, active hacking, and HackerOne employees, are a foundation for visualizing the HackerOne brand, as hackers are essential to all we do.

Responsive image
Responsive image
Responsive image

Duotone Image Treatment

Convert image to black and white and apply a duotone filter using the 3 main colors in the palette as shown below.

Responsive image
HackerOne Neon Green
 
Hex
#3FFD5A
RGB
63, 253, 90
Responsive image
HackerOne Pink(40)
 
Hex
#F922A3
RGB
249, 34, 163
Responsive image
HackerOne Blue(40)
 
Hex
#1832FE
RGB
249, 34, 163
Responsive image
HackerOne Grey(90)
 
Hex
#0A0A0A
RGB
10, 10, 10

Glitch Overlay Image Treatment - Blog

An Overlay glitch texture can be applied to the duotone imagery.

Responsive image
trending_flat
Responsive image
trending_flat
Responsive image

Pixel Square Usage

The pixel squares are a design element that is used to frame and compliment HackerOne photography, product shots and illustrations. The pixel squares should not be used as a standalone design element or used to create layouts that are dominant with the pixel shape. Exceptions to this rule are only for special campaigns (FOMO, CISO).

Responsive image
Example: Pixel square accents with product photography
Responsive image
Example: Pixel square accents with portraits.
Responsive image
Example: Pixel square accents paired with photography.
blockDo not overuse pixel squares or create layouts with colored squares by themselves.
Pixel squares should not dominate over other creative elements.

Hacker Profile Treatment

Hacker profiles should be converted to black and white and placed in a circle frame. Pixel squares may be used as additional framing design elements.

Responsive image

Product Shots

Realistic product shots can be isolated to highlight key features. Always use high-fidelity photos or vector recreations of product screenshots so that text remains legible.

Responsive image
Responsive image

Grid System

When creating layouts, a grid system can be overlayed on images to align a layout and frame images.

Responsive image Example: 30px grid system
Responsive image
panorama
HACKERONE
Social Media

Social Media Headers

Social media header copy should always be Poppins Bold and formatted in sentence case.

CTA Buttons should be Poppins Bold title case.
Underlined CTAs should be Ubuntu Mono sentence case.

Social Cards

Use sentence caps for social media. This includes the content for these (subject lines, subheads, etc.,) and for the graphics..

Blog Posts

Social media promoting blog posts should always have headlines formatted in sentence case.

Social Card 1200x627

Responsive image

Social Card 800x800

Responsive image

Webinar Promotion

Responsive image
Responsive image

Event Promotion

Event promotion should follow the visual brand guidelines of the event. Copy and CTA treatment should follow the HackerOne brand style guidelines.

Responsive image
Responsive image

Community

Social posts for the community can be more flexible in themes but consistent in fonts and colors of the HackerOne brand.

Voice

All platforms are consistent with the brand voice but lean more towards the Magician persona for all social content.

Twitter, Instagram, YouTube

Voice: Casual, witty, passionate, knowledgeable

Youtube
Instagram
Twitter
Responsive image
Responsive image

LinkedIn

Professional, knowledgeable

Responsive image
Responsive image
text_fields
HACKERONE
Typography

UBUNTU MONO BOLD LETTER-SPACE 1%

Eyebrow

____________
VULNERABILITY MANAGEMENT
POPPINS BOLD

Headlines

____________
Don’t fear the hackers. Hire them. That’s what Adobe did.
Note: All headlines in printed collateral(one pagers, white papers, eBooks) should be title case. All headlines in digital assets are always sentence case.
 
 
Allow for Space
Responsive image
POPPINS REGULAR

Body

_____________
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
 
Allow for Space
Responsive image
POPPINS BOLD

CTA Buttons

____________
UBUNTU MONO BOLD

CTA Text

____________
CRIMSON PRO REGULAR

Body

_____________
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
Note: Crimson Pro should be used on long form content only (whitepapers, data sheets, solutions briefs, case studies).
UBUNTU MONO BOLD

Code Snippets

____________
*This text is italicized*
**This text is bold**
~~This text is deleted~~
==This text is highlighted==
 
When writing content that includes code snippets, use our Mono font in 10 point. Follow the instructions in this document.
UBUNTU MONO BOLD

Statistics Text

____________
1,000
GLOBAL BRANDS USE HACKERONE

Alternate Fonts

For Microsoft and other products that do not support the above fonts, the following may be used as substitute.
Century Gothic
Century Gothic can be used as a substitute for Poppins.
Lucida Console
Lucida Console can be used as a substitute for Ubuntu Mono.

Text Color

Text should be black (#000000), not dark gray, for readability. Textual CTAs are HackerOne pink (#F922A3) on both white and black backgrounds. Headlines and other text should not be pink. Hyperlinks are HackerOne pink (#F922A3).
Pink #F922A3 on white background.
Pink #F922A3 on white background.

Typography Misuse

Don’t fear the hackers. Hire them. That’s what Adobe did.
block
Don’t use pink for headlines and body copy blocks.
Pink text should be reserved for text CTAs and inline hyperlinks.
Don’t fear the hackers. Hire them. That’s what Adobe did.
block
Don’t use Gray 90 for text color. Solid black (#000000) should be used for legibility.
wysiwyg
HACKERONE
Blog Image Styles

General Blog Guidance

Blog images should not have any text. Avoid solid white or solid black background fills. Gradient glows can be used to distinguish blog images frame edges from white and black backgrounds.

Duotone Image Treatment

Convert image to black and white and apply a duotone filter using the 3 main colors in the palette as shown below.

Responsive image
HackerOne Neon Green
 
Hex
#3FFD5A
RGB
63, 253, 90
Responsive image
HackerOne Pink(40)
 
Hex
#F922A3
RGB
249, 34, 163
Responsive image
HackerOne Blue(40)
 
Hex
#1832FE
RGB
249, 34, 163
Responsive image
HackerOne Grey(90)
 
Hex
#0A0A0A
RGB
10, 10, 10

Glitch Overlay Image Treatment - Blog

An Overlay glitch texture can be applied to the duotone imagery.

Responsive image
trending_flat
Responsive image
trending_flat
Responsive image

Asset Treatment

For blog posts that highlight a downloadable asset, use the following template.

Apply dropshadow to asset. X:4, Y:4, Blur: 10, Black Opacity: 25%. (Note: dropshadow should be adjusted appropriatly for smaller scales.)

Responsive image
Responsive image
Dark background treatment can be used on assets that are mostly white.
Responsive image
Responsive image
Responsive image
Light background treatment can be used on assets that are mostly black.
Responsive image
Responsive image
Responsive image

Photo Guidelines for Blog Categories

Technical

Select imagery for technical blog posts that strongly relates to the topic and technology.

Responsive image
Responsive image

Hacker-Focused

Human-centered imagery should be selected for topics related to ethical hackers.

Responsive image
Responsive image

Thought Leadership

Human-centered imagery related to collaboration or HackerOne events should be selected for thought leadership posts.

Responsive image

Author and Interview Treatment

For blog posts that highlight an individual, convert portrait images to duotone and place within circle frame.

Header image on blog post should be positioned on the right to avoid being cut off by the template.
Responsive image
Responsive image
Responsive image

Export Sizes

Blog Main Featured 560x494
Blog Header 763x462
Blog Tile 352x192
Social Card 1200x627
Social Card 800x800
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
Responsive image
volume_mute
HACKERONE
Digital Promotions

Email Headers

Email graphics should follow the HackerOne brand guidelines for color and typography. Email copy should follow the established guidelines in the writing section. Use sentence case for email marketing. This includes the content for these (subject lines, subheads, etc.) and for the graphics.

Responsive image
Nurture email header promoting webinar
Responsive image
Nurture email header promoting resource
Responsive image
Nurture email headers promoting downloadable content
Responsive image
 

Landing Pages

To be determined

Banner Ads

Banner ads should follow the HackerOne brand guidelines for color and typography. Banner ad copy should follow the established guidelines in the writing section. Use sentence case for advertising. This includes the content for these (subject lines, subheads, etc.) and for the graphics.

Responsive image
1200x627
Responsive image
728x90
Responsive image
300x600
Responsive image
320x480
Responsive image
160x600
Responsive image
320x480
Responsive image
320x50
Responsive image
300x250
Responsive image
1200x1200
Responsive image
1024x768
Responsive image
768x1024
Responsive image
800x800
Responsive image
1024x768
create
HACKERONE
Writing

1. HackerOne Brand Persona

The HackerOne Brand Persona or Archetype is a Magician first, Engineer second. Brand archetypes elevate brands in crowded marketplaces and help align communication, tone, style, and content.

  • A Magician craves transformation and transparency, seeks to change people, organizations, and the world, and cares about who you are and what you value.
  • An Engineer solves problems, is results-oriented, and converts creative energy into practical expression.
  • Similar brands in this category include Tesla, Dyson, and Stripe.

2. HackerOne Brand Voice

The HackerOne Brand Voice is human, collaborative, realistic, and a catalyst for change. What does that mean for content?

  • We write clearly and directly using approachable language
  • We avoid the use of jargon
  • We are concise
  • Our voice is that of a collaborative partner
  • We marry human creativity and technological innovation
  • We present practical, forward-thinking solutions
Example:
Bad actors capitalize on modern development processes. The 2020 SolarWinds attack, impacting over 250 organizations, highlighted the severe impact of software supply chain attacks. These vulnerabilities persist, and new ones emerge in digital-first organizations. Today's security teams need increased visibility, expertise, and scalability to succeed in a digital transformation.

3. HackerOne Brand Tone Spectrum

When we write content, we always use the HackerOne overall brand voice of Magician, Engineer second, but the tone of each piece of content falls on a spectrum.

  • We write clearly and directly using approachable language
  • We avoid the use of jargon
  • We are concise
  • Our voice is that of a collaborative partner
  • We marry human creativity and technological innovation
  • We present practical, forward-thinking solutions
The Engineer educates and documents using clear, direct language with the platform, product marketing, blog content, and engineering and product documentation.
BLOG EXAMPLE:
Bug bounty programs post a reward structure for reported vulnerabilities based on the potential negative impact. Many leading organizations use bug bounty programs to identify unknown security vulnerabilities that malicious actors might exploit. Some of the most prominent bug bounty programs are run by HackerOne on behalf of the U.S. Department of Defense, Verizon, and IBM.

Documentation examples:

HACKERONE PENTESTS:
Authorized hackers simulate a cyberattack on a specific application to test how secure the application is. HackerOne pentests are performed by select hackers from the HackerOne community with skills and experience that best match your applications in scope.
SUPPORTED INTEGRATIONS:
HackerOne integrates with many issue tracking tools. The integration ensures that the HackerOne platform fits into your existing security workflow with minimal friction. Integrating with one of these services will enable you to push report submissions into your preferred systems. You can set up multiple issue tracker integrations as well as a Slack integration.
As the Engineer includes more Magician influence, they write events and internal communications content.
EVENT PROMOTION EXAMPLE:

Deploying applications in the cloud gives you unprecedented flexibility—and unprecedented exposure to security threats that can hinder innovation. But risk reduction and product timelines don’t have to be at odds. By implementing a few key strategies, your team can identify and fix security vulnerabilities before they’re exploited—and keep your business humming along.

In this cloud security roundtable, you’ll learn:

1. Key measures every cloud-centric company should take to protect their attack surface

2. The most effective ways to uncover hard-to-find vulnerabilities

3. How ethical hackers help cloud-native companies remediate thousands of weaknesses each year

4. How transparency about your security measures builds public trust

Our brand tone moves closer to Magician with website content, social media, and marketing emails
SOCIAL MEDIA EXAMPLE:

Organizations spend over half a trillion annually investing in API integrations. We are releasing a brand new CTF level on #hacker101 tomorrow with a focus on API hacking! What are some of your favorite API hacking resources, tools, or tricks? Let us know in the replies!

The complete Magician writes advertising content.

ADVERTIZING EXAMPLE:

The 2021 Hacker Report is now available! Download the report and understand hacker motivations, development, and the outlook for the future.

4. HackerOne Messaging

The HackerOne Brand Voice is human, collaborative, realistic, and a catalyst for change. What does that mean for content?

  • HackerOne is the most trusted ethical hacking platform.
    HackerOne sets the industry standard for ethical hacking solution. The world’s biggest organizations trust HackerOne to keep their security programs at the forefront.
  • HackerOne connects you directly to the hacker. HackerOne’s hacker community is the largest and most diverse in the world. Ours is the only platform that gives you direct access to hackers.
  • HackerOne has an all-in-one platform. Our continuous testing platform can help mitigate security risks by allowing you to test systematically at each level of the Software Development Lifecycle (SDLC). Increase visibility, reduce risk, and manage security costs with our all-in-one platform.
  • HackerOne is a long-term and trusted partner. HackerOne collaborates with partners to deliver seamless integration, tailored program development, and scalability, ensuring maximum security and business impact.
  • HackerOne is mission-driven. Our solutions empower the world to build a safer internet.

5. HackerOne Description and Company Boilerplate

HackerOne Description

HackerOne was started by hackers and security leaders who are driven by a passion to make the internet safer. Our platform is the industry standard for ethical hacking solutions. We partner with the global hacker community to surface the most relevant security issues of our customers before they can be exploited by criminals. HackerOne is headquartered in San Francisco with offices in London, and the Netherlands. Investors include Benchmark, New Enterprise Associates, Dragoneer Investments, and EQT Ventures.

HackerOne Boilerplate

HackerOne closes the security gap between what organizations own and what they can protect. HackerOne's Attack Resistance Management blends the security expertise of ethical hackers with asset discovery, continuous assessment, and process enhancement to find and close gaps in the ever-evolving digital attack surface. This approach enables organizations to transform their business while staying ahead of threats. Customers include The U.S. Department of Defense, Dropbox, General Motors, GitHub, Goldman Sachs, Google, Hyatt, Lufthansa, Microsoft, MINDEF Singapore, Nintendo, PayPal, Slack, Starbucks, Twitter, and Yahoo. In 2021, HackerOne was named as a ‘brand that matters’ by Fast Company.

6. Official Writing Style Guides

AP StyleBook

At HackerOne, we follow the AP StyleBook with one exception. We always use the Oxford comma.

What is the Oxford comma, and how do I use it? The Oxford comma is a comma used before the final conjunction in a list of three or more items. When you write a list, you naturally include commas to separate each item, but an Oxford comma is when you also put a comma before the "and [Final Item]."

  • Without Oxford comma: "Today's security teams need increased visibility, expertise and scalability to succeed in a digital transformation." (This makes it sound like expertise and scalability are linked together.)
  • With Oxford comma: "Today's security teams need increased visibility, expertise, and scalability to succeed in a digital transformation." (This shows that there are three different needs for security teams.)
  • You use the Oxford comma similarly in lists in which the conjunction is the word "or."
Spelling

We use the online Merriam-Webster dictionary for questions of spelling. Use the first spelling presented, and note that word presentations in the dictionary supersede the AP Stylebook.

7. Active Voice and Point of View

Active Voice

Write in an active voice whenever possible. Note: there is no connection between active/passive and brand voice.

  • When using active voice, the sentence's subject acts.
    • An ethical hacking platform helps mitigate customer risk.
  • When using passive voice, an action is applied retroactively to the subject.
    • Customer risk can be mitigated by an ethical hacking platform.

Active voice is more fluid and confident, while passive voice is more formal, but most importantly, is also less trustworthy and powerful.

Point of View

Write in the second person plural POV except in formal pieces like press releases. In the second person plural, the speaker addresses the reader directly (you).

EXAMPLE:

You can improve your security posture with ethical hacking solutions.

8. Tense

Tenses tell readers when something will occur or when it happened in the past.

The present tense is an unchanging, repeated, or recurring action that exists right now. Simple present is the preferred use of present tense. It uses the fewest words and is best for crafting clear and concise messaging.

  • Simple present tense: Bad actors capitalize on modern development processes.
Past tense expresses an action that starts and ends at a previous point in time. Simple past is the preferred use of past tense. Like simple present tense, it is the least wordy of all the past tense sub-categories and is preferred because it is clear and concise.
  • Simple past tense:Our recent roundtable took a closer look at digital transformation cybersecurity challenges.
  • Future tense expresses an action that occurs in the future. Avoid writing in this tense when creating customer-facing content.

9. General Dos and Don’ts

Product Names
How to use HackerOne product names:
  • On the first use, write HackerOne Product Name. Examples: HackerOne Response, HackerOne Bounty, HackerOne Assessments: Application Pentest for AWS
  • On the second use, write capitalized product names. Examples: Response, Bounty, Application Pentest for AWA
  • Do not use internal abbreviations like H1R, H1B.
  • When referring to a bug bounty program, do not capitalize Bug Bounty.
  • When referring to a VDP, do capitalize the Vulnerability Disclosure Program.
How to Write Using Code Snippets

When writing content that includes code snippets, use our Mono font in 10 point. Follow the instructions in this document.

How to Write About Hackers

Hackers are doing the world a service. We stand by the majority of them hacking for good.

  • In the first introduction, you may write "ethical hacker" or "ethical hacking." For subsequent mentions, write "hacker" or "hacking."
  • Use the term "security researchers" in government content as required or further explain hackers, such as "hackers, also known as security researchers."
  • Avoid the use of "white hat" or "black hat" to describe hacking. These terms are racially inappropriate, and “white hat” is not distinct from ethical hacking. Also, avoid "finders" as this is also not distinct from ethical hacking.
Abbreviations and Acronyms

Caps and Periods - Use periods in most two-letter abbreviations: U.S., U.N., U.K. Note: EU does not have a period. In headlines, do not use periods in abbreviations unless required for clarity.

With Dates or Numerals - Use the abbreviations A.D., B.C., a.m., p.m.,

  • For example: In 450 B.C., at 9:30 a.m.

Acronyms - Always write out the first instance and put the acronym in parentheses. Subsequent mentions can be the acronym only.

  • Example: Vulnerability Disclosure Programs (VDPs) help mitigate risk. Your organization can implement a VDP at any time.

Avoid acronyms in headlines and titles.

Headlines, Captions, and Capitalization

Headlines, subheadings, and captions help tell the story and represent the key concepts and supporting ideas in the content. They visually convey levels of importance and guide readers to distinguish the main points from the rest.

Captions should explain to the reader what they are seeing and why it is important. What conclusions can they draw? Captions must add to the understanding of the content.

  • Do not write: "Figure 1 Hacker Types"
  • Do write: "Figure 1 Shows Hacker Bounties by Industry"
How to Use Capitalization

Headlines in content—use title caps, for example: How Bug Bounty Programs Help Mitigate Risk (this also applies to slide decks)

Subheads in content—use title caps for content (we do not do this in slide decks)

Other capitalizations—use title caps for slide decks, blog posts, eBooks, and other downloadable content. This includes graphics for this content. Use sentence caps for website heroes and headings, email marketing, advertising, and social media. This includes the content for these (subject lines, subheads, etc.) and for the graphics.

The use of sentence caps generally conveys a modern style, while title caps are industry-standard formatting in certain types of content. Figure 1 below shows a blog post graphic with title caps and Figure 2 shows the same graphic for use in social media with sentence caps.

Responsive image
Figure 1: A blog post graphic using title caps
Responsive image
Figure 2: A social media graphic for the blog post above using title caps

Do not capitalize nouns like "program" unless the word is at the beginning of a sentence.

10. Words to Avoid

Avoid the use of hyperbole. Hyperbole is an extreme exaggeration Example: I'm so hungry I could eat a horse. We also avoid the use of exaggerated language like "drastically," "whopping," etc.

Don’t say:
  • 360-degree view - this is jargon. Be clear and concise with something like: "See everything you need to know," or "comprehensive view."
  • Agile - unless describing an agile development
  • Best
  • Best-in-class
  • Company/companies - use organization/s
  • Criminals - when referring to bad actors say "cybercriminals" or "cybercrime"
  • Cutting-edge
  • Easy-to-use
  • Empower
  • Enable
  • Holistic (use comprehensive)
  • Huge (use significant or considerable)
  • Incenting (use incentivizing)
  • Most (unless data can support it)
  • Market-leading (unless data can support it)
  • Patent-pending (unless discussing the state of our patent. Do not use when you can’t think of another benefit for a feature or technology)
  • Posture
  • Powerful (as a modifier)
  • Real-time
  • Robust
  • Seamless
  • Single pane of glass (dated as we all use multiple devices)
  • Sports metaphors (use sparingly if at all and avoid U.S. centric examples)
  • Streamlined
  • Unprecedented

11. Words and Terms We Use

  • cybersecurity NOT cyber security
  • cyberattack NOT cyber attack
  • organization NOT company
  • hacker-powered NOT hacker powered
  • internet NOT Internet
  • eBook NOT ebook or e-book
  • e-commerce NOT ecommerce (capitalized at the beginning of a sentence only)
  • pentest and pentesting as one word NOT pen test or pen testing
  • cybercriminal, bad actor, or malicious actor NOT criminal

12. Citing Stats and Using Hyperlinks

When creating customer-facing content like blog posts, you may cite statistics to build credibility, emphasize a point, or otherwise share important information. Always cite your sources.

  • When citing from a study or report (find reputable sources), use the source’s name in your content.
Example:
According to a Ponemon Institute/CyberGRX 2020 survey, 82% of technology leaders attributed at least one data breach to digital transformation.
  • When mentioning or referencing the source or using an article’s data to inform your content, it is acceptable to hyperlink the mention.
Example:
The 2020 SolarWinds attack, impacting over 250 organizations, highlighted the severe impact of software supply chain attacks.

13. Trademarks

When mentioning vendors or partners or their products, be sure to include trademarks and registered trademarks as per their guidelines.

Trademark (symbol ™) vs. Registered Trademark (symbol ®)

Organizations use the trademark symbol ™ when they haven’t registered with the United States Patent and Trademark Office (USPTO). They have common law protections only. Registered trademarks are USPTO registered and prevent anyone else from using your name or logo.

Note: Only use the trademark or registered trademark symbol on the first mention of the organization or product.
How to Create Symbols on Your Mac Keyboard

For a trademark symbol, type "option 2" to get ™. Confirm it’s superscript (this is automatic with ™) with Format, Text, Superscript and resize so the symbol is not the same size as the text font. It should look like this: Android ™

For a registered trademark symbol, type "option r" to get ®. Resize so it’s not the same size as the text font with Format, Text, Superscript, and resize. It should look like this: Microsoft ®

Examples of common trademarks or registered trademarks we use are: Windows ®, Microsoft ®, MacOS ®, iOS ®, Google™, AWS ®, Jira ®, GitHub ®, GitLab ®, PagerDuty ®, Slack ®

14. Numbers, Symbols, and Miscellaneous

Numbers

Always write out the numbers one through ten. Write numbers above ten as numerals.

Example:
I have been an employee at HackerOne for four years. But, I have lived in San Francisco for 15 years.

When you begin a sentence with a number, write out the number.

Example:
One hundred hackers joined the live hack event.

When writing decimals, write the numeral, even if it is below ten, to ensure clarity and accuracy.

Example:
He used 4.5% of the allotted time.

When writing percentages, use numerals and the percentage sign except at the beginning of a sentence.

Example:
Cyberattacks surged 60% during March of 2020.Eighty-five percent of CISOs worry about ill-equipped security teams.
Use of Ampersands

Use the word "and" rather than an ampersand (&) in headlines and titles. Only use ampersands when they are specifically branded by a partner, customer, or vendor. Example: Procter & Gamble. The ampersand is part of their brand.

Quotation Marks and Slashes

When using quotation marks, we use double quotation marks. Use single quotation marks for a quote within a quote. You are not likely to need single quotation marks.

DOUBLE QUOTES EXAMPLE:
Scott Ward of AWS said, "We try to guide customers to think outside the box about how to improve security and to build in security-by-design when moving to cloud."
QUOTE WITHIN QUOTE EXAMPLE:
A hacker said, "I thought I was getting a 'large' bounty."

Don’t use slashes as in "and/or."

  • Don’t say: I can upvote an answer that satisfies me and/or mark it as accepted.
  • Do say: I can either upvote an answer that satisfies me, mark it as accepted, or both.

Spacing After a Period - it is no longer common practice to put two spaces after a period. Use only one space after a period.

Em Dash, En Dash, and Hyphens

There are two types of dashes. The en dash is approximately the length of the letter n, and the em dash the length of the letter m.

  • The shorter en dash (–) is used to mark ranges.
  • The longer em dash (—) is used to separate extra information or mark a break in a sentence.

The en dash can be used in the same way as an em dash; in this case, it requires a space on either side. At HackerOne, we use the em dash only for consistency.

Make sure not to confuse dashes with shorter hyphens (-), which are used to combine words (as in well-behaved or long-running). Do not use a hyphen in place of a dash.

  • Em dashes are used in pairs to mark additional information that is not essential to understand the sentence. They function similarly to parentheses or commas. Don’t put a space on either side of an em dash.
EXAMPLE:
Security ratings assess cyber readiness and manage cyber risk, determine risks associated with the software supply chain, and—for organizations with high ratings— can lower cyber insurance costs.
  • Em dashes are used to mark a break in a sentence in place of a semicolon or colon for emphasis. Use them infrequently this way in academic writing.
EXAMPLE:
Exploiting known vulnerabilities is among the top vectors for cyber attacks. A Ponemon Institute study found that 60% of breaches can be traced to an unpatched vulnerability—specifically, a known vulnerability registered in the CVE database.
  • En dashes indicate a range of numbers or time span and can represent "to" or "through."
EXAMPLE:
HackerOne had a successful 2019-2020 fiscal year.
  • Use hyphens mainly to link words (or parts of words). They most commonly appear with compound adjectives, phrasal verbs being used as nouns, and after some prefixes.
    • Use when compound adjectives modify nouns.
      • Example: HackerOne is a fast-paced technology company.
    • Use only when phrasal verbs are used as nouns.
      • DON’T USE: A bad actor tried to break in.
      • USE: There was a break-in of their server.
  • Use them with prefixes that come before a capital letter, numeral, or date.
    • They reported vulnerabilities pre-VDP.
smart_button
HACKERONE
Buttons and Interactive Elements

Primary

 
STATIC
HOVER / FOCUS
DISABLED

Secondary

STATIC
HOVER / FOCUS
DISABLED

Tertiary

 
STATIC
HOVER / FOCUS
DISABLED

Primary Text Link

Inline Text Link

STATIC
Reduce your company’s risk of security vulnerabilities and tap into the world’s largest community of security hackers. Contact us today to see which program is the right fit.
HOVER / FOCUS
Reduce your company’s risk of security vulnerabilities and tap into the world’s largest community of security hackers. Contact us today to see which program is the right fit.

Carousel Directional Arrows

STATIC
east
HOVER / FOCUS
east
check_box
HACKERONE
Form States

Main Form - Dark

STATIC
NAME*
ERROR
NAME*
Number of Employeeserror_outline
Please fill in your name
MOBILE
NAME*
ACTIVE/TYPING
NAME*
Hudson Nunez
LABEL TEXT
COMPANY SIZE*
Number of Employeeskeyboard_arrow_down
COMPLETED
NAME*
Hudson Nunez
DROPDOWN
COMPANY SIZE*
Number of Employeeskeyboard_arrow_up
1-99
150-199
200-249
250-499
500-749
750-999
1000-2499
2500+
DROPDOWN COMPLETED
COMPANY SIZE*

Main Form - Light

STATIC
NAME*
ERROR
NAME*
Number of Employeeserror_outline
Please fill in your name
MOBILE
NAME*
ACTIVE/TYPING
NAME*
Hudson Nunez
LABEL TEXT
COMPANY SIZE*
Number of Employeeskeyboard_arrow_down
COMPLETED
NAME*
Hudson Nunez
DROPDOWN
COMPANY SIZE*
Number of Employeeskeyboard_arrow_up
1-99
150-199
200-249
250-499
500-749
750-999
1000-2499
2500+
DROPDOWN COMPLETED
COMPANY SIZE*

Checkboxes

NOT SELECTED
check_box_outline_blankForm item
SELECTED
checkForm item
NOT SELECTED
check_box_outline_blankForm item
SELECTED
checkForm item

Radio Buttons

NOT SELECTED
radio_button_uncheckedForm item
SELECTED
radio_button_checkedForm item
NOT SELECTED
radio_button_uncheckedForm item
SELECTED
radio_button_checkedForm item

Forms

Get Your Ebook
NAME*
LAST NAME*
COMPANY NAME*
WORK EMAIL
PHONE NUMBER*
COUNTRY*
Select a Countrykeyboard_arrow_down
COMPANY SIZE*
Number Of Employeeskeyboard_arrow_down
Get Your Ebook
NAME*
LAST NAME*
COMPANY NAME*
WORK EMAIL
PHONE NUMBER*
COUNTRY*
Select a Countrykeyboard_arrow_down
COMPANY SIZE*
Number Of Employeeskeyboard_arrow_down
Get Your Ebook
NAME*
error_outline
Please fill in your name
LAST NAME*
COMPANY NAME*
WORK EMAIL
PHONE NUMBER*
COUNTRY*
Select a Countrykeyboard_arrow_down
COMPANY SIZE*
Number Of Employeeskeyboard_arrow_down
grid_view
HACKERONE
Components

Blog Tiles

Desktop - Non-white background

Tile background is white

STATIC
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

HOVER
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

Desktop - white background

Tile is outlined with stroke

STATIC
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

HOVER
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

Mobile - Non-white background

Tile background is white

STATIC
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

HOVER
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

Mobile - white background

Tile is outlined with stroke

STATIC
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

HOVER
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

Email Signup Tile

Cards

DESKTOP
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

  • In hac habitasse platea. Ut quis ornare ligula, vehicula volutpat.
  • In hac habitasse platea. Ut quis ornare ligula, vehicula volutpat.
  • In hac habitasse platea. Ut quis ornare ligula, vehicula volutpat.
MOBILE
placeholder
TAG HEADING HERE
Lorem ipsum dolor sit amet consectetur adipiscing.

In hac habitasse platea dictumst. Ut quis ornare ligula, vehicula volutpat eros. Phasellus tincidunt elit sit amet.

  • In hac habitasse platea. Ut quis ornare ligula, vehicula volutpat.
  • In hac habitasse platea. Ut quis ornare ligula, vehicula volutpat.
  • In hac habitasse platea. Ut quis ornare ligula, vehicula volutpat.