Advice Request HackerOne

Please provide comments and solutions that are helpful to the author of this topic.

D

Deleted member 65228

It's a really good platform and I definitely recommend it for people to check out.

I've used it for a private programme before and the user interface was nice and simple, notifications were nice and required data to receive rewards wasn't so bad. I've seen vendors require really intrusive data to send out rewards such as an online version of your real pass-port, but HackerOne won't request such. You'll have to sign an online document (digitally sign) if you accept payment bounty rewards and PayPal is also supported on the platform; you can also have your reward given to charity if you don't accept it as far as I am aware.

There's another good platform just like HackerOne which has been around for longer if I recall correctly called BugCrowd. I've also used that platform, and it's also really good. I definitely recommend checking out BugCrowd as well if you were interested in HackerOne. The support for BugCrowd is quite good in my opinion based on personal experience although I've never been required to request it for HackerOne so I can't comment on support for them.

Both HackerOne and BugCrowd support profile statistics in-case you're a competitive type. However on HackerOne, if you are using a private programme for submission, even though your rank will increase on your public profile, it may not necessarily increment the statistics for bugs found/thanks count.

There's different vulnerability programmes across each of those platforms (in terms of which vendors are there). AVG, Avira and SOPHOS are all definitely on BugCrowd though. Some vendors like Avast have their own vulnerability submission process where you rely on e-mail communication (with PGP encryption support - although not mandatory like with Zerodium).
 
Last edited by a moderator:

cruelsister

Level 42
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 13, 2013
3,133
I'm actually of two minds about this- it's really good that they are actively soliciting those that walk on the Darker Side of the Street, but on the other hand the remuneration is peanuts compared to operating as a "Consultant" to a place like Endgame. But on the other hand one does not need an arrest record to be taken seriously at HackerOne.

ps: I guess I should be politically correct- it's not selling exploit protection anymore, it's creating "vulnerability intelligence" software. Got to love it...

(the above comment contains musings from a Misspent Youth)
 
Last edited:

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top