HackerOne is Excited to Launch Triage Ratings for Customers and Hackers

November 5, 2020 HackerOne Team

For customers and hackers, the triage experience is central to hacker-powered security. Our triagers are a globally distributed team of security analysts who triage vulnerabilities across HackerOne customers. We understand that success is achieved by balancing feedback received across all stakeholders, and our newest feature release, triage ratings, exemplifies our commitment to delivering the best possible experience for customers and hackers.

Triage Ratings allows HackerOne to measure performance, identify focus areas, and drive improvement. After each vulnerability report, hackers and customers are given the opportunity to rate the overall report and triage experience on a scale of one through five, with the option to provide detailed comments to the internal HackerOne team. With HackerOne overseeing record growth in submission volumes, it’s important to have a process in place that encourages continuous improvement and feedback from users.

Triage Ratings

If you’re a customer

The triage team acts as an extension of the security team and decides if reports submitted by hackers are legitimate, in-scope, and reproducible. The HackerOne triage team can assist on a number of dimensions, including filtering noise, de-duplicating reports, working with hackers to clarify details, helping with bounty amounts, and managing communication within the report. This frees up your security team to focus on fixing verified vulnerabilities. 

Over the last month, we’ve received hundreds of customer responses, with an average rating of 4.6/5. Our management team takes each rating into account as we make improvements to the triage workflow.

If you’re a hacker

We’ve heard you -- this feature is your opportunity to provide direct feedback about triage. One of the most important parts of triage is handling communication and hacker expectations. We want to know. 

“A formal feedback channel makes it so much easier for hackers to communicate what’s working vs not working in the triage process and demonstrates that HackerOne is listening to the community as they continue to make improvements,” said Juho, a hacker within the HackerOne community.

Higher hacker satisfaction leads to higher engagement in programs, benefitting all stakeholders involved. The aggregation of these ratings provides us with a real-time view of how our triage team is performing and highlights areas for improvement. HackerOne is committed to transparency and to improving satisfaction across hackers and customers through a 360 feedback loop, as the first crowdsourced security platform to measure triage performance and reviews.

This feature is now enabled for all customers and hackers within managed programs. We look forward to hearing from you!
