HackerOne Reviews

Name: HackerOne
Brand: HackerOne
Rating: 4.2 (9 reviews)

Vendor: HackerOne

4.2 out of 5

9 reviews
83% willing to recommend

Leave a review

What is HackerOne?

HackerOne leads in offensive security with a platform that expertly identifies and remedies security vulnerabilities using AI and a vast researcher community. Trusted by industry giants, it integrates bug bounties, vulnerability disclosure, and code security in software development.

Get the HackerOne Buyer's Guide and find out what your peers are saying about HackerOne, SonarQube, Wiz and more!

HackerOne is the #2 ranked solution in top Bug Bounty Platforms, #2 ranked solution in top Penetration Testing Services, #8 ranked solution in top Attack Surface Management (ASM) solutions, #12 ranked solution in top AI Observability solutions, #18 ranked solution in application security solutions, and #30 ranked solution in top Vulnerability Management solutions. PeerSpot users give HackerOne an average rating of 8.4 out of 10. HackerOne is most commonly compared to SonarQube: HackerOne vs SonarQube. HackerOne is popular among the large enterprise segment, accounting for 48% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 12% of all views.

Helped 886,077 peers since 2012

Featured HackerOne reviews

Ruphus Muita

Senior ICT Security Consultant at Applied Principles Limited

I think HackerOne can be improved by allowing new users to gain access to certain programs that are only open to known, renowned users. Sometimes new users don't receive invites just because they are new, despite potentially being very skilled hackers, so I feel new users should get more chances and opportunities. I am currently satisfied with the rewards, response time, and other aspects of the platform, so I don't have anything else to add about the necessary improvements. I give HackerOne a nine out of ten because if new hackers are given more opportunities, it could be a perfect 10 for me. However, the reason I gave a nine is that I don't have much to complain about; I specifically love the program and don't have many concerns.

Read full review

Pranay Jain

Senior software developer at Simplifyvms

HackerOne's bug bounty programs are excellent, and penetration testing is also very good. Security testing of any application can be performed before launching a feature. HackerOne is a very good platform with the trust of different companies including Shopify, PayPal, and Uber. This creates a stronger brand perception and competitive market positioning.

Read full review

Jagdish SM

QA Engineering Lead at kintsugi

Triage response time is a significant issue. Many researchers are now sending reports, but there is considerable delay in responses. For example, I reported something last week that was a critical bug, but I received a reply after a month. During that month, if I had a vulnerability containing confidential customer details, I could use it and publish it on the black market. The response time and triage speed are not fast enough. This is causing many people to leave HackerOne. Another concern is that many companies delegate their triage part to HackerOne. As a HackerOne triager, something may look like a vulnerability to me, but they can close it as not applicable or anything else. However, when the company checks it themselves, they may find that it actually is a vulnerability. This happened to me before when they rejected a bug, but the company reviewed it and reopened it. There are many unfair things happening. Even though companies trust HackerOne triagers 100 percent, they should not because they leave out many unresolved issues.

Read full review

HackerOne mindshare

Product category:

As of April 2026, the mindshare of HackerOne in the Bug Bounty Platforms category stands at 37.7%, down from 39.7% compared to the previous year, according to calculations based on PeerSpot user engagement data.

Bug Bounty Platforms Mindshare Distribution
Product	Mindshare (%)
HackerOne	37.7%
Bugcrowd	33.7%
YesWeHack	12.1%
Other	16.5%

Bug Bounty Platforms

PeerResearch reports based on HackerOne reviews

Type	Title	Date
Product	Reviews, tips, and advice from real users	Apr 8, 2026	Download
Comparison	HackerOne vs Bugcrowd	Apr 8, 2026	Download

Valuable Features

HackerOne's most valuable features include collaboration tools and customizable bounty programs, which attract quality insights. Quick response times motivate users. The AI capabilities and easy user interface enhance usability. A wide array of programs offers variety for different sectors like mobile and API. Speedy verification, direct communication, and strong integration options are favored. Reputation and trust from companies like Shopify or Uber add value. The platform provides a secure practice environment for beginners in the community.

"If you have a very critical vulnerability, some good companies will acknowledge it and pay you accordingly based on severity."
"Using HackerOne has definitely improved the security of my web application, identifying security gaps I didn't realize as a web developer."
"HackerOne is a very good platform with the trust of different companies including Shopify, PayPal, and Uber, which creates a stronger brand perception and competitive market positioning."

Room for Improvement

HackerOne requires improvements in triage response time, as it is too slow and affects user engagement. Triage decisions can be inconsistent, sometimes leading to issues being incorrectly closed. New researchers face challenges in gaining invites due to older researchers being favored. The platform struggles with automatic identification of duplicate findings, needs better communication visibility between triagers and programs, should enhance integration and automation features, and improve opportunities for skilled new users.

"Triage response time is a significant issue. The response time and triage speed are not fast enough, and this is causing many people to leave HackerOne."
"HackerOne provides a "HackBot" which helps identify other relevant reports, including duplicates, public reports from other companies, etc. However, the functionality is limited and it would be nice to integrate it with broader services offered like auto responses, triggers, etc."
"However, I reduced my rating by one mark because a proper internal triage team should be in place, not as a replacement for internal security controls."

ROI

ROI from HackerOne varies significantly. It is high when no investment is required beyond time and effort, especially for major hackers using automation. While some find ROI low due to lengthy report submission with no returns, others benefit from substantial gains because there are no upfront costs; expenses vary with different factors. Certain users recognize immense value from identifying security issues they hadn't previously considered.

Pricing

Users report no initial costs for independent use of HackerOne, as the platform allows bug bounty hunters to hunt and submit bugs for free. However, HackerOne charges a 20% commission on awards. Some mention a subscription option for larger enterprises, indicating potential charges for premium features or large-scale implementation.

"The solution is free."
"The tool is open-source and free for bug bounty hunters."

Popular Use Cases

Organizations use HackerOne for security testing, identifying vulnerabilities, and vulnerability coordination. They engage with ethical hackers to conduct penetration tests, report bugs, and manage bug bounty programs. HackerOne facilitates responsible vulnerability disclosure, ensuring reports from external sources are triaged and addressed according to criticality and SLA-driven remediation. It enables efficient collaboration for cloud and enterprise infrastructures, allowing teams to track issues and implement fixes, thereby enhancing system security and protecting customer data.

Service and Support

HackerOne's customer service is generally responsive, with many levels of support. High-tier users appreciate the priority support and fast response times. Some mention unfavorably that technical support has slowed compared to the past, but responsiveness remains good. Many have not had to contact support frequently, though some value interaction from various company levels, including co-founders. Collaboration with ethical hackers is noted as effective, helping fill in detail gaps when necessary.

Deployment

HackerOne's initial setup is simple and straightforward, deserving a high rating of nine out of ten by users. No complexities arise during this process. As a SaaS model, there is no installation required. Users appreciate logging in and immediately accessing the opportunities page with readily available projects. Companies using HackerOne opt for subscriptions and manage payouts for bounty offers. It is hassle-free since HackerOne manages ownership, hosting, and backend operations.

Scalability

HackerOne demonstrates high scalability, accommodating many programs and clients. It supports an increasing number of users and submissions effectively. Organizations appreciate the ability to adjust data scale easily and enlist numerous hackers for testing. However, scalability is primarily beneficial for registered users, not the general public. HackerOne also adapts to evolving security requirements, increasing its relevance for entities relying on its platform.

Stability

Some users experienced downtime and inadequate response from HackerOne, mentioning occasional stability issues. Meanwhile, many users reported no stability problems, praising it for smooth and reliable performance without significant bugs or breakdowns. Several found HackerOne consistently dependable with no complaints about uptime.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our HackerOne Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	4
Large Enterprise	4

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	153
Midsize Enterprise	64
Large Enterprise	203

By visitors reading reviews

Top industries

By visitors reading reviews

Comms Service Provider

12%

Financial Services Firm

11%

Computer Software Company

10%

Manufacturing Company

10%

Construction Company

Media Company

Outsourcing Company

University

Educational Organization

Government

Retailer

Healthcare Company

Wholesaler/Distributor

Performing Arts

Real Estate/Law Firm

Energy/Utilities Company

Insurance Company

Non Profit

Logistics Company

Transportation Company

Hospitality Company

Aerospace/Defense Firm

Consumer Goods Company

Legal Firm

Leisure / Travel Company

Recreational Facilities/Services Company

Marketing Services Firm

Compare HackerOne with alternative products

Learn more about HackerOne

The HackerOne Platform offers a comprehensive suite of services, combining advanced AI technology with the skills of a global security researcher community to address complex security challenges. It facilitates an understanding of vulnerabilities, promoting better remediation practices across software lifecycles. Notable clients include Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and U.S. Department of Defense. Recognized for innovation and workplace excellence, HackerOne continues to set standards in security solutions.

What key features does HackerOne offer?

Skilled Hacker Community: Access a large pool of expert security researchers.
Third-Party Integrations: Seamless compatibility with various tools like payment systems and project management applications.
Bug Bounty Programs: Incentivized vulnerability discovery across industries.
Direct Communication: Facilitates dialogue for better understanding of vulnerabilities.
Safe Practice Environments: Supports learning for both beginners and seasoned professionals.

Why is HackerOne beneficial for your needs?

Speed of Delivery: Quickly identifies and resolves security issues.
Responsive Support: Reliable assistance enhances user experience.
Transparency in Communication: Clear reporting processes aid in issue resolution.
Income Opportunities: Bug bounties offer financial incentives.

HackerOne finds significant applications in various sectors with its focus on vulnerability assessment, testing, and responsible disclosure. Organizations utilize it for ethical hacking and efficient vulnerability coordination, making it essential in cybersecurity strategies. The platform's reliability is evident in its ability to identify and document security threats effectively.

HackerOne was previously known as HackerOne Assets, HackerOne Pentesting Services, HackerOne Security Assessments, HackerOne Vulnerability Management.

HackerOne customers

Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense

HackerOne Reviews Summary
Author info	Rating	Review Summary
Senior ICT Security Consultant at Applied Principles Limited	4.5	I use HackerOne for bug submissions, especially race conditions, and appreciate its simple interface, fast responses, and filtering options. It’s reliable and motivating, though I wish new users had more access to private programs.
Senior software developer at Simplifyvms	4.5	I’ve used HackerOne for four years to run scalable, stable bug bounties and pentests, helping find critical issues before release, with good priority support and ROI. I’d like stronger internal triage alongside internal controls; overall I rate it 9/10.
QA Engineering Lead at kintsugi	3.0	I use HackerOne for security testing, valuing its collaboration and bounty potential. Yet, slow triage, unreliable triagers, and low ROI are major issues. These concerns, plus stability problems, led me to now prefer Intigriti.
Senior Security Professional at Oportun, Inc.	4.0	I've found HackerOne effective for managing bug bounties, with valuable AI and customizable features, though it lacks automatic duplicate detection. Overall, it's a solid fit for us, offering good collaboration and cost-effectiveness. I'd rate it 8/10.
dApp Auditor at Hacken	4.5	I use HackerOne for finding and reporting vulnerabilities, benefiting from its larger platform and better reputation. Although rewards are substantial and costless, newer researchers face challenges with invitations, and the process has become slower compared to other platforms.
SAP Security and GRC Consultant at Skillmine Technology Consulting	4.5	I use HackerOne for freelancing, doing penetration testing on websites and earning through bug bounties. It's user-friendly, offers practice environments, but could improve by recognizing duplicate reports. It's more efficient than Bugcrowd due to quicker response times and simpler reporting.
Security Engineer at a financial services firm with 10,001+ employees	4.5	I use HackerOne in my downtime to earn extra cash alongside my full-time job. I appreciate its direct contact for issue resolution, though visibility into triager-program communications would improve understanding. I haven't used other solutions before HackerOne.
Lead Developer at a government with 1,001-5,000 employees	5.0	HackerOne significantly improved my app's security and streamlined operations through its skilled hacker community and payment integrations. I value their responsive support, although I desire more out-of-the-box integration options beyond Slack for broader functionality.

Title	Rating	Mindshare	Recommending
SonarQube	4.0	N/A	84%	135 interviews Add to research
Wiz	4.4	N/A	97%	40 interviews Add to research

HackerOne Reviews

What is HackerOne?

Featured HackerOne reviews

HackerOne mindshare

PeerResearch reports based on HackerOne reviews

Valuable Features

Room for Improvement

ROI

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare HackerOne with alternative products

Learn more about HackerOne

HackerOne customers

Product Categories

Popular Comparisons