No more typing reviews! Try our Samantha, our new voice AI agent.

CompassOne by Blackpoint Cyber vs HackerOne comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 3, 2026

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Qualys TotalCloud
Sponsored
Ranking in Vulnerability Management
11th
Average Rating
8.6
Reviews Sentiment
7.3
Number of Reviews
39
Ranking in other categories
Container Security (11th), Cloud Workload Protection Platforms (CWPP) (7th), Cloud Security Posture Management (CSPM) (8th), SaaS Security Posture Management (SSPM) (1st), Cloud-Native Application Protection Platforms (CNAPP) (6th)
CompassOne by Blackpoint Cyber
Ranking in Vulnerability Management
47th
Average Rating
9.0
Reviews Sentiment
7.8
Number of Reviews
5
Ranking in other categories
Security Information and Event Management (SIEM) (37th), Endpoint Detection and Response (EDR) (39th), Application Control (10th), Managed Detection and Response (MDR) (11th), Identity Threat Detection and Response (ITDR) (14th)
HackerOne
Ranking in Vulnerability Management
35th
Average Rating
8.4
Reviews Sentiment
6.9
Number of Reviews
11
Ranking in other categories
Application Security Tools (18th), Bug Bounty Platforms (1st), Penetration Testing Services (2nd), Attack Surface Management (ASM) (6th), AI Observability (15th)
 

Mindshare comparison

As of July 2026, in the Vulnerability Management category, the mindshare of Qualys TotalCloud is 1.1%, up from 1.0% compared to the previous year. The mindshare of CompassOne by Blackpoint Cyber is 0.4%, up from 0.0% compared to the previous year. The mindshare of HackerOne is 0.8%, up from 0.3% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Vulnerability Management Mindshare Distribution
ProductMindshare (%)
Qualys TotalCloud1.1%
HackerOne0.8%
CompassOne by Blackpoint Cyber0.4%
Other97.7%
Vulnerability Management
 

Featured Reviews

RO
IT Security Expert at Alior Bank S.A.
Unified risk scoring has improved our cloud visibility and simplifies remediation priorities
Qualys TotalCloud provides unified vulnerability and threat assessment across both IAS and SaaS. This solution provides a single prioritized view of risk, which helps reduce the work I would have to do. We are no longer based on CVSS; we are based on Qualys risk scoring, which is based on CVSS plus internal findings made by Qualys, and then assigns its own score. The TruRisk insight feature has found a small number of assets with high vulnerability scores, though I am cautious since some information is classified. Qualys TotalCloud has positively impacted our bank's performance, and we have definitely seen benefits after implementing this solution.
Gary Herbstman - PeerSpot reviewer
Owner at Byte Solutions Inc.
Experienced reduced alert fatigue with streamlined notifications
We use Blackpoint Cyber MDR for our higher-end clients who need a higher level of control over security I appreciate that there are people behind the scenes sorting out valuable alerts from those that are not, so I only get alerts when they are real. This feature ensures that I am notified only…
NitishKumar - PeerSpot reviewer
Consultant at a manufacturing company with 10,001+ employees
Crowdsourced security has strengthened our bug discovery and improved vulnerability response
HackerOne is already doing well, although I believe implementing stricter SLAs for the time to first response and time to bounty would help prevent researchers' burnout, especially regarding duplicate submissions. I suggest systematic bug rewards because currently, if a researcher finds one bug in multiple places, they often only get paid for one. Improving the handling of systemic vulnerabilities would encourage deeper research. Additionally, improving multi-currency and crypto payout options would help make the platform more accessible globally.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Qualys TotalCloud provides unified vulnerability and threat assessment for IaaS and SaaS and a single prioritized view of risk, which helps reduce my workload by not having to combine multiple sources."
"I would definitely recommend Qualys TotalCloud to other customers."
"I would definitely recommend it because it is easy to handle any cloud resources."
"While automatic inventory detection upon connection is a helpful feature, a truly valuable capability would be assessing an environment's security posture against Azure and CIS best practices."
"Qualys TotalCloud's most valuable feature is its agent versatility."
"Its excellent graphical interface makes the scanning process simple."
"Once you have your vulnerabilities fixed and your patches pushed out using Qualys TotalCloud, then you are able to eliminate threats and cyber risk."
"Vulnerability and threat detection and assessment of the criticality of the vulnerabilities exposed are most valuable."
"The solution is all encompassing and can incorporate email monitoring."
"I appreciate that there are people behind the scenes sorting out valuable alerts from those that are not, so I only get alerts when they are real."
"The solution also watches over Microsoft 365 and keeps a copy of logs."
"Their SOC is phenomenal in not monitoring and responding and taking action."
"On my end, the most valuable feature of this solution is that I can install it and forget about it. After that, their SOC team takes over and they only call me when there's a problem."
"On a scale from one to ten, I would rate the overall solution as a ten."
"The most valuable feature of HackerOne is its variety of programs. These programs provide depth into various areas, such as mobile, API, and websites."
"HackerOne has been the right fit for our current situation from both a functionality and cost-effectiveness perspective."
"If you have a very critical vulnerability, some good companies will acknowledge it and pay you accordingly based on severity."
"One of the biggest strengths is combining a large community of ethical hackers with a structured platform that helps organizations discover, manage, and remediate security vulnerabilities efficiently."
"It helps me to get new sales, profits, and other benefits."
"I notice a return on investment through the group of researchers at HackerOne identifying vulnerabilities, saving us money, time, and manpower, with the efficiency of HackerOne allowing them to accomplish in three to four hours what would take two red teamers a whole day."
"HackerOne is a very good platform with the trust of different companies including Shopify, PayPal, and Uber, which creates a stronger brand perception and competitive market positioning."
"Using HackerOne has definitely improved the security of my web application, identifying security gaps I didn't realize as a web developer."
 

Cons

"We encountered challenges identifying the correct resource category for certain items, such as those in containers or storage."
"Regarding technical support from Qualys, they respond, but the response time can be too long. Sometimes we need to wait weeks for solutions to simple questions."
"Enhancing clarity regarding its compliance capabilities would be beneficial, as the current scope is limited in geographic coverage."
"An area for improvement would be to focus on risks related to AI, such as large language models and potential data leakage."
"Qualys TotalCloud needs to improve its accuracy for non-Windows operating systems."
"The response part of the Cloud Detection and Response (CDR) module can be improved."
"There is room for improvement in vulnerability scanning, particularly for PaaS environments. Currently, Qualys does not have full access to these instances, which limits its effectiveness."
"The support process is inefficient due to the excessive number of replies required when submitting tickets."
"The interface could be more intuitive."
"While I am very satisfied with the service, supporting additional platforms, particularly Linux support, would be a beneficial improvement."
"The solution does not tie into other EDR products like CyberArk or CrowdStrike but that might be more useful."
"The interface could be more intuitive. More transparency is needed in the interface as a lot of details are hidden behind the scenes, making them difficult or impossible to access."
"Some texts seem to report items as normal too quickly."
"The feature we keep asking for is a vulnerability scan."
"However, some things can be improved, such as better report deduplication by automatically identifying duplicate vulnerability reports more accurately."
"Customer support can improve, as there are instances of ghosting that need to be addressed."
"Sometimes new users don't receive invites just because they are new, despite potentially being very skilled hackers, so I feel new users should get more chances and opportunities."
"However, I reduced my rating by one mark because a proper internal triage team should be in place, not as a replacement for internal security controls."
"HackerOne provides a "HackBot" which helps identify other relevant reports, including duplicates, public reports from other companies, etc. However, the functionality is limited and it would be nice to integrate it with broader services offered like auto responses, triggers, etc."
"Everything has become slower on HackerOne. I have noticed that older researchers receive all the private invites while newer ones receive fewer."
"The ability to view the conversation between the triagers and the programs will be really good."
"Everything has become slower on HackerOne."
 

Pricing and Cost Advice

"Although Qualys TotalCloud is relatively expensive due to its unique automation features, its cost-effectiveness is rated an eight out of ten, with ten being the most costly."
"Qualys TotalCloud is expensive."
"The cost is high, but it meets our organizational needs."
"Qualys TotalCloud is expensive, but it offers a premier solution with no headaches."
"Qualys TotalCloud offers good pricing that is affordable and competitive with the market. Our partnership also provides us with additional benefits."
"As a middle management member, I do not have direct pricing knowledge, but based on the knowledge from our meetings, its pricing is competitive."
"TotalCloud's price is about right where I would expect it to be."
"The pricing for TotalCloud is attractive and competitive in the market. Given the features, especially the dashboard, I have no concerns regarding pricing."
"The pricing is in line with other products."
"The pricing is reasonable."
"The tool is open-source and free for bug bounty hunters."
"The solution is free."
report
Use our free recommendation engine to learn which Vulnerability Management solutions are best for your needs.
902,894 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Manufacturing Company
17%
Financial Services Firm
14%
Construction Company
8%
Comms Service Provider
7%
Computer Software Company
10%
Financial Services Firm
9%
Healthcare Company
7%
Outsourcing Company
7%
Manufacturing Company
12%
Comms Service Provider
12%
Financial Services Firm
10%
Computer Software Company
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business9
Midsize Enterprise4
Large Enterprise29
No data available
By reviewers
Company SizeCount
Small Business7
Midsize Enterprise1
Large Enterprise7
 

Questions from the Community

What needs improvement with Qualys TotalCloud?
Areas that need improvement in every solution include the remediation part. The remediation steps should be simple en...
What is your primary use case for Qualys TotalCloud?
Our use case involves the assets that we have under cloud, the assets exposed to the internet, and the internal appli...
What needs improvement with Blackpoint Cyber MDR?
While I am very satisfied with the service, supporting additional platforms, particularly Linux support, would be a b...
What is your primary use case for Blackpoint Cyber MDR?
The solution serves as a baseline security offering. We have implemented it for every client that we do business with.
What is your experience regarding pricing and costs for HackerOne?
I'm not very sure about pricing, setup costs, and licensing, as those are managed by our management team.
What needs improvement with HackerOne?
HackerOne can be improved, and the insights can be a little better. I chose a nine for my rating because it has very ...
What is your primary use case for HackerOne?
My main use case for HackerOne is bug bounties and getting paid through that platform. Companies like Fastify and Ora...
 

Also Known As

Qualys TotalCloud with FlexScan
Blackpoint Cyber Managed Detection + Response, Blackpoint Cyber Managed Detection and Response
HackerOne Assets, HackerOne Pentesting Services, HackerOne Security Assessments, HackerOne Vulnerability Management
 

Overview

 

Sample Customers

Information Not Available
CoreRecon, Peerless Tech Solutions, Lorien Health
Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense
Find out what your peers are saying about CompassOne by Blackpoint Cyber vs. HackerOne and other solutions. Updated: June 2026.
902,894 professionals have used our research since 2012.