HackerOne

• Home
• Collateral
• Products
• Additional Info

HackerOne Clear & Gateway

HackerOne Clear and HackerOne Gateway bring decreased risk and fine-tuned control to your security programs. Partner with proven, ID-verified, and background-checked security researchers with the skills and reputation to match your specific needs.... More Info Less Info





HackerOne Clear can be added to any HackerOne private program, bolstering your existing security efforts. Clear connects you with talented, ID-verified, and background-checked security researchers from our million-strong community, providing 24x7x365 coverage for your most sensitive internal assets.

Gateway brings crowdsourced security to your internal attack surfaces through IP whitelisting. It allows for program traffic to be routed through HackerOne’s proprietary VPN, capturing researcher traffic data and providing transparency on all testing activities.

https://www.hackerone.com/product/vetted-cyber-security-partner-clear 

Benefit from:

• Fully vetted access
• Proven success

Researchers vetted by Clear hail from over 60 countries and have identified more than 43,000 valid vulnerabilities, including over 8,600 critical and high-severity vulnerabilities. Specialized Clear researchers also have varying levels of US federal government clearances.

Gateway provides full visibility into your testing activities, giving you confidence in your coverage and transparency for your stakeholders.

• Thorough background checks for complete confidence

Clear gives even the most risk-averse organizations the confidence to bring third-party security researchers into their security programs. Clear screens researchers using background checks, digital click-through agreements, reputation scores, and Code of Conduct reviews, plus includes real-world skills validation to ensure researchers have the expertise to uncover high-impact vulnerabilities. Vetting even includes confirming clearance for Top Secret/Sensitive Compartmented Information (TS/SCI).

• Secure VPN for enhanced visibility and control

Gateway routes all security program traffic through HackerOne’s proprietary VPN, providing the additional traceability required in highly regulated industries. It even enables external security researchers to test internal or pre-production assets, with IP whitelisting and granular controls down to the individual researcher. Plus, Gateway features split tunnel, researcher-level segregation, and logging with SSL decryption.

• Transparency and control
  • Know your researchers: Partner with ID-verified and background-checked security researchers so you know they have the right skills and experience.
  • Ensure compliance: Comply with regulations, standards, and audit-based requirements.
  • Secure access: Provide access to assets behind the firewall by whitelisting HackerOne IPs.
  • Secure any scope: Enable secure testing across the most sensitive internal or external attack surfaces.
• Access the World's elite security researchers

Only the most elite security researchers are chosen to participate in HackerOne Clear programs. These experts have a pristine track record of following program policies, adhering to HackerOne’s Code of Conduct. Past reports must be comprehensive, clear, and complete. If a HackerOne program explicitly requires testing via the Gateway VPN, security researchers will adhere to that restriction, as well.



HackerOne Response

VULNERABILITY DISCLOSURE PROGRAM (VDP)
A vulnerability disclosure policy is the digital equivalent of “if you see something, say something.”... More Info Less Info





Vulnerability Disclosure Programs give hackers and security researchers clear guidelines for reporting security vulnerabilities to the proper person or team. The HackerOne platform makes it easy to establish an ISO 29147–compliant VDP and work directly with trusted hackers to resolve critical security vulnerabilities.

HackerOne pioneered responsible disclosure, based on the recommended practice outlined in the Cybersecurity Framework by the National Institute of Standards and Technology (NIST). Now, HackerOne has become the first hacker-powered security vendor to receive FedRAMP authorization.

Comprehensive attestation reports mean you can pass security audits with ease and show proof of compliance with frameworks like NIST SP 800-53 Rev. 5 and mandates like CISA Binding Operational Directive 20-01. Quickly access overall program metrics, including mean time to remediate (MTTR), level of vulnerability criticality, and evidence of vulnerability remediation based on the most current application information. White label your submission form to integrate your VDP with your brand.


HackerOne Bounty
Secure your applications with continuous testing by the largest army of ethical hackers. HackerOne supports private, public, time-bound, and virtual or in-person events, making it easy to ramp up gradually or focus on specific assets.... More Info Less Info



THE MOST TRUSTED BUG BOUNTY PROGRAM
Give your organization the edge with access to the planet’s most trusted and tightly vetted community of hackers.  Armed with the most comprehensive database of valid vulnerabilities, the ethical hacker community mitigates cyber risk for organizations across all industries and attack surfaces. With bug bounty programs for businesses, vulnerabilities are mapped against industry risk-scoring systems like OWASP Top 10, 2020 CWE Top 25, and CVSS.
FLEXIBLE SECURITY TESTING
Build a bounty program that fits your initiatives. With multiple bounty program models to choose from, you can engage with the hacking community in a way that gels with your security culture.
• Private, invite-only programs allow your reports to remain confidential.
• Public programs give you full access to our vast hacker community—now over 1 million strong.
• Time-bound programs combine structured testing with unstructured hacking.
• Virtual or in-person hacking events create a fun, dynamic, and educational environment to accelerate the discovery of critical vulnerabilities.


HackerOne Security Assessments

Test your organization's security preparedness. Whether you’re looking to reduce risk, launch a new product, or meet compliance requirements, our hackers provide critical insight into the security gaps that should top your priorities list.... More Info Less Info





Security Assessment Initiatives

• Compliance Testing: Pass audits without breaking a sweat by working with an expert vendor to assess your security posture against industry standards.
• Penetration Testing: Need proof of testing for a customer or vendor? HackerOne can deliver penetration tests tailored to your business goals and desired impact.
• Product Launch Testing: Get ahead of focused, time-constrained security testing for major initiatives such as product and feature releases.
• Cloud Migration Security Testing: Track and protect against misconfigurations as part of your cloud migration journey.
• Remote Access Testing: Identify vulnerabilities due to remote access and outdated or newly spun up work-from-home tools.

https://www.hackerone.com/product/security-assessments 

Please select up to up to (4) areas you provide solutions in: