HackerOne Response

Establish a compliant vulnerability assessment process for receiving and acting on vulnerabilities discovered by third-parties.

Try Response

The Benefits

Avoid Surprises

Avoid Surprises

Establish an ISO 29147 compliant disclosure policy to safely receive and act on vulnerabilities discovered by external third-parties.

Reduce Risk

Reduce Risk

Work directly with external third-parties to resolve critical security vulnerabilities efficiently before they can be criminally exploited.

Simplify Operations

Simplify Operations

Receive vulnerabilities securely, integrate easily with existing workflows, and let our experienced triage team do the heavy-lifting.

How it Works


Define and publish your disclosure policy on HackerOne


Vulnerabilities are submitted and managed via the centralized Response platform


Vulnerability assessments are reviewed and triaged by your HackerOne security team, handling all communications with third parties.


Depending on preference, you can choose to publicly disclose the report via HackerOne once the issue has been resolved.


Organizations with a mature vulnerability assessment and coordination process can choose to run a self-managed HackerOne Response program using internal teams and resources.

Learn the 5 Critical Components of a Best-In-Class Vulnerability Disclosure Policy

Download Now

In Their Words

Hackers have become an essential part of our security ecosystem.”
Jeffrey Massimilla
General Motors / Read the Case Study

Contact Us