Decoding the HackerOne Code of Conduct

May 16, 2023 HackerOne

When hackers participate in programs on the HackerOne platform, they agree to help empower our community by following the HackerOne Code of Conduct (CoC). The Code of Conduct provides a breakdown of behaviors that are not conducive to a courteous environment or that are unproductive to the report validation process. The Mediation team at HackerOne is responsible for reviewing, responding to, and actioning any Code of Conduct violations reported to them.

For the first time since 2020, the Code of Conduct has been revised, with the main intention of being more transparent and clear in our descriptions of behavioral concerns to better enable universal understanding across our international community of hackers and customers. As the industry continues to rapidly evolve, it is on HackerOne to try to ensure that we align with the industry norms of Code of Conduct management. 

What changes are being made?

Amongst the updates of the Code of Conduct, we have made the following changes:

  • More detailed information has been provided about common violations we see reported to Mediation to help hackers avoid the specific behavior in the first place
  • Aligned titles of various Code of Conduct violations to the corresponding Enforcement Action 
  • More transparency around the way violations of the Code of Conduct are handled nowadays within our updated Enforcement Actions Rubric
  • Disclosure is now represented as two categories: Unauthorized Disclosure - Private Programs and Uncoordinated Vulnerability Disclosure - Public Programs
  • A category has been created for Circumventing program or platform bans through the creation of new accounts.

How can I report a Code of Conduct violation?

If you see something, say something. If you see a hacker violating these rules, request Mediation Assistance via the HackerOne Support Portal.

What happens after I request Mediation Assistance with a Code of Conduct issue?

When assistance is requested with a Code of Conduct concern, the steps Mediation takes include:

  • Reviewing the specific concern reported
  • Reviewing relevant report(s)
  • Reviewing hacker history
  • Making an informed decision as to whether or not something falls under the Code of Conduct
  • Determining appropriate actions to take based on the ban matrix in our Code of Conduct and based on Code of Conduct history
  • Handling any outreach to hackers who have violated the Code of Conduct

We hope that these updates to the Code of Conduct will help hackers and customers alike understand what HackerOne expects from hackers to thrive on the platform.

As always, we believe that feedback is a gift. If you have questions or requests for additional clarification, please submit Feedback via the HackerOne Support Portal.
