Plan Comparison

You decide what's best for you. We'll provide the awesome.

Pick the best product edition for you

Security@

The first step to working with trusted hackers
Get Started
  • Security Page
  • Hacker Reputation
  • Duplicate Detection
  • Standard Analytics
  • Issue Tracker Integration
  • And more...

Enterprise

Take your sophisticated program to scale
Contact Us
  • All from Professional plus...
  • Dedicated Success Manager
  • Advanced Hacker Matching
  • Custom Security Page
  • Communications Assistance
  • And more...
Most convenient

Fully Managed

Convenient triage and bounty management services
Contact Us
  • All platform features and...
  • Bug Triage & Validation
  • Bug Reproduction
  • Bounty Management
  • Advanced Technical Guidance
  • Learn more

Some Of Our Customers

adobe
yahoo
newrelic
uber
github
twitter
slack
square
dropbox
gm

What Our Customers Say

We've been running our program on HackerOne since May 2014 and have found the program to be an invaluable resource for finding and fixing security vulnerabilities ranging from the mundane to severe.

Arkadiy Tetelman
Software Engineer,
Twitter

Our unique program combines healthy rewards, a loyalty program, and a 'treasure map' of information to incentivize our community to find even the most subtle bugs as we work together to protect users.

John "Four" Flynn
Chief Information Security Officer,
Uber

A strength that I've found only with HackerOne is the communication with the researcher community, bouncing ideas back and forth, coming up with the best strategy to solve the problem.

Justin Calmus
Chief Information Officer,
Zenefits

Q&A

What is a Security Page?

Your Security Page contains key information about your company and your security disclosure policy. It sets expectations for hackers you invite to your bounty program, outlines your disclosure policy, bug eligibility, and policy for in-scope eligibility. It is important to keep your Security Page up-to-date so researchers always know the important details about your program.

What is HackerOne Fully Managed?

HackerOne Fully Managed is a premium service from HackerOne for customers who want reports reviewed and triaged before seeing them. HackerOne partners with world-class security consulting firms to help you run a world-class program. You select the partner, the level of triage service (Lite or Full), and the length of engagement that best fits your needs. No long-term contracts are necessary.

Can HackerOne personnel see my vulnerability reports?

No. HackerOne works to provide organizations with the tools they need to successfully run their own vulnerability coordination program. As such, HackerOne personnel do not have access to your confidential vulnerability reports. HackerOne will never share your confidential data with any other parties. We're also happy to accept report submissions encrypted with the Response Team's PGP key.

What is Reputation?

As hackers submit vulnerability reports through the HackerOne platform, their reputation measures how likely their finding is to be immediately relevant and actionable. Reputation is based exclusively on their track record as a hacker. There are a number of privileges that are gained by maintaining a high reputation, such as becoming eligible to receive invitations to Private bug bounty programs.

How should we price bounties?

You determine which submissions to your Security@ deserve bounties, as well as how much to award. To attract the best hackers, and keep them incentivized, we recommend paying for "resolved" reports that are within scope. In some cases, paying for a significant vulnerability that is out of scope is also a good practice.

Are my vulnerability reports safe going through the HackerOne platform?

All traffic to and from the HackerOne servers is encrypted. Your Security Team can use our IP whitelisting policy so your data can only be accessed from locations you control.

HackerOne Features Comparison

Vulnerability Coordination Security@ Professional Enterprise Fully Managed
Security Page
Security@
ISO 29147 & 30111 Compliant Workflows
Maturity Model
Multiparty Coordination
Custom Workflow
Custom Branding
Hacker Engagement Security@ Professional Enterprise Fully Managed
Thanks Page ("Leaderboard")
Hacker Reputation
Signal Requirements
Hacker Messaging
Private Program Limited
Hacker Invitations: Automatic
Hacker Invitations: By Email
Hacker Invitations: By Username
Hacker Invitations: By Reputation
Hacker Invitations: By Skill
Mediation Requests - 5 per month Unlimited Unlimited
Bug Bounty Security@ Professional Enterprise Fully Managed
Award Bounty
Award Bonus
Award Swag
Bounty Processing
Bounty Guidance
Custom Hacker Incentives
Vulnerability Management Security@ Professional Enterprise Fully Managed
Private Comments
Third-Party Escalation
Keyboard Shortcuts
Groups
Report Assignment
Filter & Search Reports
Notifications
Inline Image Attachments
Configure Vulnerability Types
Program Service Level Agreements (SLAs)
Analytics Security@ Professional Enterprise Fully Managed
Standard Dashboard
API: Reports
HackerOne Success Index
Advanced Analytics
Custom Analytics
Efficiency & Intelligence Security@ Professional Enterprise Fully Managed
Duplicate Detection
Automated Scanner Detection
Common Responses
Triggers (If this; Then that)
Bulk Actions
API
Integrations Security@ Professional Enterprise Fully Managed
Assembla
Bugzilla
Freshdesk
GitHub
GitLab
JIRA
MantisBT
OTRS
Phabricator
ServiceNow
Redmine
Trac
Zendesk
HackerOne API
Slack
HipChat (Coming soon)
IRC (Coming soon)
OneLogin
Okta
Google
Single Sign-On: SAML
Custom SIEM Integration
Custom Issue Tracker
Security Security@ Professional Enterprise Fully Managed
Transport Encryption
Data Portability
Two-Factor Authentication
ISO 27001 Certified
Encryption At Rest
Custom roles & permissions
IP Whitelisting
Single Sign-On: SAML
Customer Success & Support Security@ Professional Enterprise Fully Managed
Support Email Email & Phone Email & Phone
Product Training At Launch Ongoing Ongoing
Program Optimization
Program Benchmarking
Data Import
Dedicated Success Manager
Advanced Hacker Matching
On Demand Reports
On Demand Training
Communication & PR Support
Managed Services Security@ Professional Enterprise Fully Managed
Triage & Validation
Bounty Management
 

Have any questions about our plans, services, integrations, or anything else? We'd love to hear from you!