VPAT®1 Version 2.4 – February 2020
Name of Product/Version: HackerOne Bug Bounty & Vulnerability Disclosure Platform ("HackerOne Platform")
Report Date: September 16, 2020
Product Description: The HackerOne Platform is a platform for an improved security coordination process. Security teams use HackerOne to implement their vulnerability disclosure policy and host bug bounty programs. The platform will communicate the procedures of how to discover and report security vulnerabilities in accordance with industry best practices.
Contact Information: https://www.hackerone.com/contact
Evaluation Methods Used: Accessibility testing consisted of but was not limited to: automated testing, extensive manual testing, general product knowledge, etc.
Applicable Standards/Guidelines: See below.
This report covers the degree of conformance for the following accessibility standard/guidelines:
Standard/Guideline | Included in Report |
Level A (Yes) | |
(Yes) |
Terms
The terms used in the Conformance Level information are defined as follows:
Supports: The functionality of the product has at least one method that meets the criterion without known defects or meets with equivalent facilitation.
Partially Supports: Some functionality of the product does not meet the criterion.
Does Not Support: The majority of product functionality does not meet the criterion.
Not Applicable: The criterion is not relevant to the product.
Not Evaluated: The product has not been evaluated against the criterion. This can be used only in WCAG 2.0 Level AAA.
WCAG 2.0 Report
Tables 1 and 2 also document conformance with Revised Section 508:
Chapter 5 – 501.1 Scope, 504.2 Content Creation or Editing
Chapter 6 – 602.3 Electronic Support Documentation
Note: When reporting on conformance with the WCAG 2.0 Success Criteria, they are scoped for full pages, complete processes, and accessibility-supported ways of using technology as documented in the WCAG 2.0 Conformance Requirements.
Table 1: Success Criteria, Level A
Criteria | Conformance Level | Remarks and Explanations |
1.1.1 Non-text Content (Level A)
| Web: Supports | Web: The HackerOne Platform has no known accessibility issues. Non-text content provides discernible/accessible labels and name markup. |
1.2.1 Audio-only and Video-only (Prerecorded) (Level A)
| Web: Not Applicable | Web: There is no content to which success criterion applies. Audio and video media are not used. |
1.2.2 Captions (Prerecorded) (Level A)
| Web: Not Applicable | Web: The HackerOne Platform has no prerecorded audio content in synchronized media, except when the media is a media alternative for text and is clearly labeled as such. |
1.2.3 Audio Description or Media Alternative (Prerecorded) (Level A)
| Web: Supports | Web: There is no content to which success criterion applies. Audio and video media are not used. |
1.3.1 Info and Relationships (Level A)
| Web: Supports | Web: No known accessibility issues. Semantic mark-up (e.g. landmarks, headings, labels) are provided. |
1.3.2 Meaningful Sequence (Level A)
| Web: Supports | Web: No known accessibility issues. Pages follow a logical reading sequence. |
1.3.3 Sensory Characteristics (Level A)
| Web: Supports | Web: No known accessibility issues. Descriptive mark-up (e.g. button text, tool-tips, alt tags) are provided. |
1.4.1 Use of Color (Level A)
| Web: Supports | Web: The HackerOne Platform does not use color anywhere as the sole indicator of functionality. |
1.4.2 Audio Control (Level A)
| Web: Supports | Web: There is no content to which success criterion applies. Audio media is not used. |
2.1.1 Keyboard (Level A)
| Web: Partially Supports | Web: Most forms support keyboard shortcuts though some functionality requires a pointer. |
2.1.2 No Keyboard Trap (Level A)
| Web: Supports | Web: No known accessibility issues. User focus can be moved away from any component using keyboard tab keys. |
2.2.1 Timing Adjustable (Level A)
| Web: Partially supports | Web: There are some newer features within the pentest component that require a user to submit content within a time limit. This is not adjustable by the user. |
2.2.2 Pause, Stop, Hide (Level A)
| Web: Supports | Web: No known accessibility issues. Pages do not have any moving, blinking, scrolling, or auto-updating information. |
2.3.1 Three Flashes or Below Threshold (Level A)
| Web: Supports | Web: No known accessibility issues. Pages do not include any flashing elements. Thank goodness we're out of the 90s! |
2.4.1 Bypass Blocks (Level A)
| Web: Supports | Web: The HackerOne Platform does not have any repetitive content where a skip or bypass functionality would be necessary. |
2.4.2 Page Titled (Level A)
| Web: Supports | Web: No known accessibility issues. Pages are labeled with descriptive titles. |
2.4.3 Focus Order (Level A)
| Web: Supports | Web: No known accessibility issues. Page elements follow a logical focus order. |
2.4.4 Link Purpose (In Context) (Level A)
| Web: Supports | Web: No known accessibility issues. Page links are labeled with descriptive text. |
3.1.1 Language of Page (Level A)
| Web: Supports | Web: No known accessibility issues. Page markup indicates English for default language. |
3.2.1 On Focus (Level A)
| Web: Supports | Web: No known accessibility issues. Context does not change on page element focus. |
3.2.2 On Input (Level A)
| Web: Supports | Web: No known accessibility issues. Page context does not change on user input. |
3.3.1 Error Identification (Level A)
| Web: Supports | Web: No known accessibility issues. When applicable, form pages provide error condition messaging text. |
3.3.2 Labels or Instructions (Level A)
| Web: Supports | Web: No known accessibility issues. When applicable, web form pages provide self-describing labels and/or instructional text. |
4.1.1 Parsing (Level A)
| Web: Supports | Web: No known accessibility issues. Elements are nested according to their specifications, elements do not contain duplicate attributes, and any IDs are unique, except where the specifications allow these features. |
4.1.2 Name, Role, Value (Level A)
| Web: Partially Supports | Web: Name and value attributes on elements in most cases is discernible; role is sometimes absent. |
Table 2: Success Criteria, Level AA
Criteria | Conformance Level | Remarks and Explanations |
1.2.4 Captions (Live) (Level AA)
| Web: Not Applicable | Web: There is no content to which success criterion applies. Live audio content is not used. |
1.2.5 Audio Description (Prerecorded) (Level AA)
| Web: Not Applicable | Web: There is no content to which success criterion applies. Prerecorded video content is not used. |
1.4.3 Contrast (Minimum) (Level AA)
| Web: Supports | Web: No known accessibility issues. Contrast minimums are supported. |
1.4.4 Resize Text (Level AA)
| Web: Partially Supports | Web: No known accessibility issues. 200% zoom factor is supported and on most pages looks proper. |
1.4.5 Images of Text (Level AA)
| Web: Supports | Web: No known accessibility issues. |
2.4.5 Multiple Ways (Level AA)
| Web: Partially Supports | Web: In most cases there is more than one route to any given page. |
2.4.6 Headings and Labels (Level AA)
| Web: Supports | Web: No known accessibility issues. Descriptive heading and label markup is provided. |
2.4.7 Focus Visible (Level AA)
| Web: Supports | Web: No known accessibility issues. Focus indicator is natively provided via major browser software vendors. |
3.1.2 Language of Parts (Level AA)
| Web: Supports | Web: No known accessibility issues. Page markup indicates English for default language. |
3.2.3 Consistent Navigation (Level AA)
| Web: Supports | Web: No known accessibility issues. Consistent page-to-page navigation is provided via our top nav. |
3.2.4 Consistent Identification (Level AA)
| Web: Supports | Web: No known accessibility issues. Consistent identification applied to components across pages. |
3.3.3 Error Suggestion (Level AA)
| Web: Supports | Web: No known accessibility issues. When applicable, form pages provide error suggestion text. |
3.3.4 Error Prevention (Legal, Financial, Data) (Level AA)
| Web: Supports | Web: These actions are either checked or confirmed. |
Table 3: Success Criteria, Level AAA
Notes: Section removed, as it does not apply to Revised Section 508
Revised Section 508 Report
Notes:
Chapter 3: Functional Performance Criteria (FPC)
Notes:
Criteria | Conformance Level | Remarks and Explanations |
302.1 Without Vision | Supports | Accessible mark-up utilized for screen readers. |
302.2 With Limited Vision | Supports | Accessible mark-up utilized for screen readers. |
302.3 Without Perception of Color | Supports | No input depends on perception of color. |
302.4 Without Hearing | Supports | No dependency on sound. |
302.5 With Limited Hearing | Supports | No dependency on sound. |
302.6 Without Speech | Supports | No dependency on sound. |
302.7 With Limited Manipulation | Supports | No place to input speech. |
302.8 With Limited Reach and Strength | Supports | Screen reader support, mouse, and keyboard only operation are provided. |
302.9 With Limited Language, Cognitive, and Learning Abilities | Supports | Simple design, ease of use in mind. |
Chapter 4: Hardware
Notes: Section removed. Not applicable. The HackerOne Platform is a web-only application.
Chapter 5: Software
Notes: Section removed. Not applicable. The HackerOne Platform is a web-only application.
Chapter 6: Support Documentation and Services
Notes: Section removed. Not applicable. The HackerOne Platform is a web-only application.
Legal Disclaimer
This document is provided for information purposes only and the contents hereof are subject to change without notice. HackerOne does not warrant that this document is error free, nor does it provide any other warranties or conditions, whether expressed orally or implied in law, including implied warranties and conditions of merchantability or fitness for a particular purpose. HackerOne specifically disclaims any liability with respect to this document and no contractual obligations are formed either directly or indirectly by this document. HackerOne further makes no representation concerning the ability of assistive technologies or other products to interoperate with HackerOne products.
"Voluntary Product Accessibility Template" and "VPAT" are registered service marks of the Information Technology Industry Council (ITI).↩