Background Checks and ID Verification

In order to qualify as a HackerOne Pentester, HackerOne must confirm certain information about you and also onboard you into HackerOne’s Clear program. In addition to the Rules of Engagement for Pentest, you will also be required to accept the HackerOne Clear Rules of Engagement/Additional Terms (the “HackerOne Clear RoE”). In accepting the HackerOne Clear RoE, you acknowledge and agree that HackerOne will conduct such background investigations and ID Verification, and consent to HackerOne conducting each, as these are necessary to participate in any HackerOne Pentest. You may obtain a copy or summary of these reports on written request.

Current Vendor for ID Verification: Berbix
Current Vendor for Background Checks: First Advantage

FAQs

Respect Confidentiality Guidelines, Disclosure Guidelines and NDAs

Respect HackerOne’s Code of Conduct

Only use official communication channels

Submit Reports through Pentest Program Only

Satisfactory Performance

Respect your peers

General Provisions

Definitions

Investigation and Enforcement

If a complaint is received from a customer, team member, another pentester, or if HackerOne observes something that appears to violate the Code of Conduct and/or these Rules of Engagement, HackerOne will in all cases:

  • Assume good intent: HackerOne trusts that pentesters will want to do the right thing.
  • Investigate fully so HackerOne understands what did (and did not) happen. HackerOne will speak to all parties involved, where appropriate, and attempt to provide a neutral viewpoint.
  • Repercussions: If HackerOne determines the pentester has violated the Code of conduct and/or these rules of engagement, there will be disciplinary actions depending on the severity and HackerOne’s assessment of intent. Repercussions could include, depending on severity, temporary bans and permanent bans from HackerOne Pentest, HackerOne Clear, Clear programs and/or the platform.

These rules of engagement will be enforced in accordance with the action guidelines below.

Incident First Offense Second Offense Third Offense
Breaking H1 Pentest Rules of Engagement Temporary Ban from Pentest & Removal from all Pentest Programs (3 months) Temporary Ban from Pentest & Removal from all Pentest Programs (6 months) Permanent Ban from Pentest & Removal from all Pentest Programs

Please note, however, that HackerOne reserves the right to escalate the severity of enforcement and sanctions in accordance with the nature of the offense and irrespective of previous offenses. Depending upon the severity of the offense, sanctions may include, without limitation, longer temporary bans, immediate removal from HackerOne Pentests, HackerOne Clear and/or Clear programs, and/or a permanent ban from the HackerOne Platform.