Bug Bounty Platforms Features

Read what people say are the most valuable features of the solutions they use.
Peter Yaworski uses HackerOne
Lead Developer at a government with 1,001-5,000 employees
Using the platform as a Hacker and having run a time limited private bug bounty program, the features available are extensive.

From the perspective of running a private bounty, the most valuable features include:

1. Access to an experienced and effective hacker community with measurable metrics on each. The hackers on the HackerOne platform come with a wide range of skills, with some providing general expertise and others with a broad base of knowledge. This results in reports on vulnerabilities which I had never considered or knew existed while developing my product. Additionally, the metrics help me quickly differentiate the credibility of the reports and how best to triage submissions.

2. Third party integrations, including payment systems and project management tools. HackerOne provides a number of easy to use options for paying hackers which makes it easier to do so, including handling their tax information and saving me the headaches of dealing with those details. Additionally, while I haven't tested it out yet, there is the option to integrate with third party tools like Slack which will help if my dev team grows. I've also spoken with other programs which are using these tools and integrated with private solutions, both of which have helped them manage their programs more effectively.

3. Speed. While they prepare you for it, it's amazing how quickly you get results on the platform. While not all reports result in code changes and some hackers do report invalid issues, once hackers start looking at your program, you quickly have lots to work with.

From the perspective of being a hacker:

1. Direct dialogue with a company helps you better understand their needs and discuss how vulnerabilities can affect their business. This is particularly true of application logic bugs which only a company would have true insight into the potential severity of.

2. HackerOne support is responsive and open. Whether it be opportunities to improve the platform, difficulties communicating with programs or general questions, the team has always been quick to respond and it seems as though everyone is empowered to help you out, having received responses from a wide array of team members listed on their about page (including co-founders).

3. Wide array of programs, including those that can afford bounties / those that can't, healthcare / automotive / security, etc. sectors, code based / web applications / desktop applications, etc., charitable / private / public companies. All of this results in options on how you want to spend your time hacking and potentially give back to the broader community.
