

Veracode and HackerOne compete as security solutions, focusing on application security and vulnerability discovery, respectively. Veracode appears to have the upper hand due to its comprehensive feature offerings.
Features: Veracode delivers robust static and dynamic application security testing, easily integrates into developer workflows, and provides detailed compliance policy reporting. HackerOne is known for its crowd-sourced vulnerability assessments, leveraging a global ethical hacker community, and broadens its impact through versatile bug bounty programs.
Room for Improvement: Veracode could refine its user interface, simplify reporting features, and minimize false positives to enhance user-friendliness. HackerOne might improve the consistency of community-driven support, create structured customer support channels, and further enhance platform scalability to maintain high-quality service as its user base expands.
Ease of Deployment and Customer Service: Veracode offers a streamlined deployment process and consistent support, which makes it easier for customers to integrate into the development lifecycle. Although HackerOne's platform deployment is efficient, it largely depends on its community for issue resolution, making Veracode's structured support framework a more reliable choice for many users.
Pricing and ROI: Veracode adopts a straightforward pricing model, reflecting its comprehensive security solutions and resulting in significant ROI while requiring a substantial initial investment. HackerOne's pay-for-impact pricing provides flexibility, making it more budget-friendly for smaller organizations, yet organizations still benefit from proactive threat protection for continuous vulnerability coverage.
HackerOne provides strong value by helping organizations find vulnerabilities faster and reduce the higher costs associated with security breaches.
We receive rewards without needing to invest any money, so the return on investment is substantial.
For someone who is starting or in the middle, it is very difficult because you can spend 20 hours sending 20 reports but none of them gets anything.
The scanners of Veracode bring status of the weaknesses in the current infrastructure. It scans and provides reports regarding the servers, the network, and the applications running on those servers.
Regarding price, the evaluation should focus on how efficiently they will recover their investment, considering the time saved through the use of Veracode Fix, for example, and the ability to fix code at dev time compared to the problems faced when fixing after the product is already deployed.
We did see a return on investment with Veracode, as we segregated our remediation efforts, which reduced our time to delivery as well as the number of engineers needed to help us in delivering a secure solution.
We have priority support because we are a higher tier, and with high report volumes, the turnaround time is very good.
Technical support at HackerOne has slowed down considerably compared to four years ago.
The ease of collaboration with ethical hackers on HackerOne has been quite good.
Access to the engineering team is crucial for faster feedback on the product fix process.
I have communicated with the technical support of Veracode a couple of times, and this was a really great experience because these professionals know their material.
They share detailed information via email, including screenshots or further clarification about the issue.
It is a large platform with many programs and clients.
HackerOne is very scalable because we can put bounties for any number of hackers at the same time and test thoroughly.
It maintains a high signal-to-noise ratio and addresses scalability through infrastructure, triage services, and AI automation.
Cloud solutions are easier to scale than on-premise solutions.
It has a good capacity to scale effectively.
Implementing these features into our normal CI/CD was good, so I can say that scalability is really good.
HackerOne was down for some time and the response was not good.
If the Veracode server is down, we experience many issues during the scan.
I have observed that it is not that reliable in terms of security because Veracode was not able to find some security threats in our application that existed since the product was developed.
It's not that easy to onboard, but once they have been onboarded on the platform, and the pipeline configured alongside the product configured, it works effectively.
More advanced AI capabilities would help prioritize reports, reduce false positives, and speed up the validation.
There are no clear guidelines for being invited to programs and conferences.
Sometimes new users don't receive invites just because they are new, despite potentially being very skilled hackers, so I feel new users should get more chances and opportunities.
If it could be integrated directly with code repositories such as Bitbucket or GitHub, without the need to create a pipeline to upload and decode code, it would simplify the code scan process significantly.
We had issues with scanning large applications. Scanning took a lot of time, so we kept it outside the DevOps pipeline to avoid delaying deployments.
A nice addition would be if it could be extended for scenarios with custom cleansers.
The cost is rated as one since there is no need to pay anything, not even a fee or commission.
I have not experienced any costs since I use HackerOne independently, just logging into the site, hunting bugs, and submitting them without any expenses.
It's not the most expensive solution.
Overall, Veracode's pricing is lower and more scalable than many alternatives in the market.
If there's a security gap, you'll never know the cost or effect.
It has a very simple user interface, and it gives you a quick response—if you submit a bug, someone reaches out to you within minutes, telling you they will verify the bug, and it can be verified in just a few days, sometimes even less than a day, which stands out for me.
HackerOne is a very good platform with the trust of different companies including Shopify, PayPal, and Uber.
I find bug bounty programs most valuable for our organization because they invite researchers from around the globe to find bugs in our environment, allowing us to fix various severity vulnerabilities or bugs that, if left unaddressed, could lead to losing customers.
It offers confidence by preventing exposure to vulnerabilities and helps ensure that we are not deploying vulnerable code into production.
The best features in Veracode include static analysis and the early detection of vulnerable libraries; it integrates with tools such as Jenkins.
It fixes issues directly in the IDE while you're doing it.
| Product | Mindshare (%) |
|---|---|
| Veracode | 4.3% |
| HackerOne | 0.8% |
| Other | 94.9% |

| Company Size | Count |
|---|---|
| Small Business | 7 |
| Midsize Enterprise | 1 |
| Large Enterprise | 7 |
| Company Size | Count |
|---|---|
| Small Business | 69 |
| Midsize Enterprise | 46 |
| Large Enterprise | 114 |
HackerOne is an industry leader in offensive security, enabling companies to identify and resolve vulnerabilities using AI and a global community of researchers. Trusted by top organizations, HackerOne enhances the software development lifecycle with comprehensive security testing.
HackerOne combines artificial intelligence with a diverse community of skilled security researchers to fortify digital ecosystems. Offering bug bounty programs, vulnerability disclosure, pentesting, and AI red teaming, HackerOne supports renowned clients like General Motors, GitHub, and the U.S. Department of Defense. Its intuitive platform simplifies vulnerability reporting and tracking, providing seamless integration with third-party tools. HackerOne's role in protecting company assets is underlined by notable accolades, achieving recognition as a Best Workplace for Innovators and a coveted spot as a Most Loved Workplace for Young Professionals.
What key features does HackerOne offer?HackerOne is widely utilized across industries for comprehensive security testing and vulnerability management. By allowing companies to coordinate with ethical hackers, they effectively address security flaws in websites and applications. This coordination aids in regulatory compliance, protects customer trust, and serves as a central communication medium for enhancing security postures.
Veracode is a leading provider of application security solutions, offering tools to identify, mitigate, and prevent vulnerabilities across the software development lifecycle. Its cloud-based platform integrates security into DevOps workflows, helping organizations ensure that their code remains secure and compliant with industry standards.
Veracode supports multiple application security testing types, including static analysis (SAST), dynamic analysis (DAST), software composition analysis (SCA), and manual penetration testing. These tools are designed to help developers detect vulnerabilities early in development while maintaining speed in deployment. Veracode also emphasizes scalability, offering features for enterprises that manage a large number of applications across different teams. Its robust reporting and analytics capabilities allow organizations to continuously monitor their security posture and track progress toward remediation.
What are the key features of Veracode?
What benefits should users consider in Veracode reviews?
Veracode is widely adopted in industries like finance, healthcare, and government, where compliance and security are critical. It helps these organizations maintain strict security standards while enabling rapid development through its integration with Agile and DevOps methodologies.
Veracode helps businesses secure their applications efficiently, ensuring they can deliver safe and compliant software at scale.
We monitor all Application Security Tools reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.