Skip to main content

HackerOne Makes It Easier and Safer to Manage Vulnerability Reports

The no.1 Bug Bounty Platform Announces Public Launch of its Vulnerability Disclosure Product, used by Adobe, the U.S. Department of Defense, and General Motors

SAN FRANCISCO-- July 20, 2019 --HackerOne, the leading hacker-powered security platform, today announced HackerOne Response, a new product offering for companies to receive security vulnerability reports from the hacker community, their users, and customers. Organizations that don’t have a formalized method for receiving vulnerability submissions from the outside world may find out about security issues on social media, through various support channels, or not at all, leaving customers at risk. HackerOne is the platform for companies to learn what hackers already know about their software.

“The auto industry faces unique cybersecurity challenges,” said Jeff Massimilla, chief product cybersecurity officer at General Motors. “Through our security vulnerability disclosure program on HackerOne, the ethical hacker community is able to provide diverse viewpoints and unique perspectives that complement the security work our internal team is conducting.”

Government and regulatory agencies have increasingly advised companies to set up programs like HackerOne Response. In the past two years, the National Highway Traffic Safety Administration (NHTSA), Food and Drug Administration (FDA), and Federal Trade Commission (FTC) have all provided similar guidance. Some of the largest tech companies in the world rely on these programs. According to a recent study of the 2017 Forbes Global 2000, 54 percent of the Forbes top software/programming companies have vulnerability disclosure programs (VDPs), including Microsoft, Snapchat, Adobe, Symantec,, and Intuit.

“Reducing security risk requires identifying system vulnerabilities and remediating them. Working with hackers is the most efficient way for a corporation to improve application security because it allows security teams to focus on fixing vulnerabilities rather than bug hunting,” said Marten Mickos, CEO at HackerOne. “With HackerOne Response we are providing a platform that automates this workflow and identifies the most valuable and critical submissions for the customer. Keeping up with security vulnerabilities takes a village.”

HackerOne Response is a new offering based on HackerOne’s experience advising nearly 200 organizations on vulnerability disclosure programs, including General Motors, Adobe, the U.S. Department of Defense, and New Relic. To meet growing customer demand, HackerOne is offering a managed vulnerability disclosure product to help organizations of all sizes streamline processes for receiving, escalating, and resolving vulnerabilities from third-parties without necessarily offering financial incentives to hackers. HackerOne Response provides companies a way to better understand their cybersecurity risk profile, while also giving security and software development organizations a secure, purpose-built tool to control who can see and address vulnerability reports coming from outside the organization.

For more information on HackerOne Response or HackerOne’s bug bounty offerings, HackerOne Challenge or HackerOne Bounty, visit