HACKERONE CLEAR

For Organizations that Require Strict Finder Vetting and Enhanced Program Controls

Learn More

Trusted Globally


Crowdsourced security with absolute confidence, visibility and control

Partner with known, proven finders

Verified Clear finders have high signal and impact reputation scores.

Focus on high-impact vulnerabilities

Uncover vulnerabilities that pose real threats to your business.

Customize Finder BAA & NDA Agreements

Meet compliance and legal requirements with custom, digital agreements.

Increase visibility and tracking

Identify HackerOne finder traffic and pause/restart a Clear program or individual finder.

Scale your security testing on a single platform

Use Clear for sensitive applications and open testing of other apps to the broader HackerOne community.

Test external and/or internal attack surfaces

Test internal assets not exposed to the public internet with HackerOne Gateway and IP whitelisting.


Advanced Finder Vetting

Clear’s Advanced Finder Vetting feature is designed for organizations that require strict finder verification capabilities consisting of ID verification, criminal background checks, and skill validation based on the finder’s historical performance.

  • HackerOne’s program management team will match you with trusted finders who have met our Advanced Finder Vetting requirements.
  • To maintain the attractiveness of Clear to the most talented finders, HackerOne partners with customers to ensure competitive rewards, provide regular access to private Clear programs, and offer our Clear finder community exclusive opportunities to attend HackerOne live-hacking events.
  • To meet strict requirements like HIPAA BAA and NDAs, HackerOne offers digital, customizable agreements for vetted finders invited to your program.

Download the Datasheet to learn more about advanced finder vetting

Download
What do we check?

For all countries, we perform Identification Document verification and the maximum Criminal Background Check allowed by law.

For example, Clear vetting for U.S.-based finders includes:
  • Social Security Number Trace and Identity Verification
  • Country Criminal Records Check
  • State Criminal Records Check
  • Federal Criminal Records Check
  • Enhanced Nationwide Records Check
  • Sex Offender Records Check
  • Office of Foreign Assets Control (OFAC) Watchlist Check

For finders located outside of the United States, we include the Office of Foreign Assets Control (OFAC) check and a comprehensive criminal inspection.

Gateway

From private financial records to sensitive patient health data to top secret military systems, many security testing use cases require strict transparency and auditability not available in standard crowdsourced programs.

Gateway allows for all program traffic to be routed through HackerOne’s proprietary VPN technology, capturing all finder traffic data and providing the transparency and controls needed by highly-regulated customers, such as government agencies, insurers, banks, and healthcare organizations.

Learn more about Gateway

Download
How do we do it?
  • Based on Proven, Easy-to-Configure OpenVPN Technology

    Quickly set-up Gateway to isolate finder traffic, speed incident response, quiet false-alarms, and more.

  • Test Applications That Are Not Publicly Accessible

    Bring the security testing effectiveness of vetted finders to pre-production and internal assets.

  • Capture All Finder Testing Traffic and Data

    Access detailed activity logs specifying assets tested on a per finder basis.

In Their Words

The sensitive nature of our assets and hacker participation requirements makes HackerOne's vetting capabilities a critical component of our program's success."
Reina Staley
Former Chief of Staff, Digital Defense Service

Hackerone Clear Bundle

The Clear Bundle is available as a premium add-on for any managed Challenge or Bounty program

Advanced Finder Vetting

Work with top-performing and background-checked finders in our community.

Gateway

Audit and control your crowdsourced testing of sensitive and internal assets through our proprietary VPN.