The Homepage serves as a comprehensive hub, offering a clear overview of your organization’s current status, pinpointing areas requiring your attention, and delivering valuable insights into your program's performance. The filter button at the top of the page allows you to select which program(s) you want to include in the view, so you can either see data for one program or understand combined program performance (note: you will only see data for programs you are a member of).

To find the Homepage, click Home in the left navigation.

Program Overview

This section provides visualizations to help you understand your program’s current status. Click the Edit icon at the top of the page to customize your view—settings will only apply to your account, not your organization as a whole. Available options include:

Visualization label	Description
Open submissions	Gives you an at-a-glance understanding of how many open submissions you currently have, and the amount in each report state.
Triaged submissions	Gives you an at-a-glance understanding of the severity of reports that have been triaged. This can help you prioritize your work by responding first to high and critical severity reports, especially if they are on highly trafficked assets.
Critical/high signal (last 90d)	Tells you which proportion of your submissions are higher severity for the last 90 days so you can determine if you need to take action to encourage hackers to find higher severity vulnerabilities (for example, by increasing bounty competitiveness). Calculated by high & critical submissions / total submissions. The goal for a healthy program is 15% or higher.
Hackers submitting reports (last 90d)	Gives you an understanding of hacker engagement in your program, so you can determine if you need to take action to increase hacker engagement (for example, by running a Campaign). Includes total reports (valid and invalid). Comparison is to the same timeframe the previous year (YoY).
Open mediations	Tells you if you have open cases so you know to check in with the reports in question.
Remediation rate (last 90d)	Measures your program’s effectiveness in remediating vulnerabilities over the past 90 days. This metric is calculated as the percentage of retests marked “Fixed” out of all retests requested (Fixed, Not Fixed, Pending, or Not Certain). Note: This requires using the "Request retest" feature in the inbox.
Reports on target (last 90d)	Shows how well your program meets report targets—a key factor in attracting new hackers. Calculated as the percentage of reports that meet targets for first response, triage, bounty, and resolution times, compared to the previous quarter (QoQ) to reflect absolute change.
Rewards paid (all time)	Tells you how much you have paid out in rewards since your program’s inception. Calculated based on actual payments distributed, not the reports submitted.
Rewards paid (last 90d)	Tells you how much you have paid out in rewards in the last 90 days. Calculated based on actual payments distributed, not the reports submitted. Comparison is made to the same timeframe as the previous year (YoY).
Submissions (last 90d)	Tells you how many submissions your program has received in the last 90 days. Calculated based on the date the report was submitted. Comparison is made to the same timeframe as the previous year (YoY).
Surface coverage (last 90d)	Shows how well your program meets report targets—a key factor in attracting new hackers. Calculated as the percentage of reports that meet targets for first response, triage, bounty, and resolution times, compared quarter-over-quarter (QoQ) to reflect absolute change.

Note on data retrieval: All data is calculated based on UTC (Coordinated Universal Time), so when calculations show the last 90 days, they may not fully encompass your local "today.” Occasionally, due to data pipeline delays, the donut charts or data cards may temporarily display slight discrepancies with the inbox totals.

Upcoming Events

This widget shows data for the following events. They will appear 90 days before the event and disappear the day after the event.

Engagement	Event type
Campaigns	Campaign starting
	Campaign ending
Pentests	Pentest starting (estimated)
	Pentest ending (estimated)
	Pentest reporting starts (estimated)
	Pentest remediation starts (estimated)
Spot Checks	Spot check starting

Actionable Reports

The Actionable Reports table shows the reports that need your most immediate attention.

Missed targets: These are reports that have missed a Response Target, including Time to First Response, Time to Triage, Time to Bounty, or Time to Resolution.
Approaching targets: These are reports that are reaching a Response Target, including Time to First Response, Time to Triage, Time to Bounty, or Time to Resolution. A target is “approaching” if it will expire within 12 hours.
New & unassigned reports: These are reports that are both in the “New” state and do not yet have an assignee.
Retests ready for review: These are reports in which you’ve requested a retest and the retest is ready for your review and approval.
New hacker comments: These are reports with unread comments from hackers. To view them, make sure you’re subscribed to program notifications in your User Settings and have enabled “Comments by hackers." You must also be listed as a participant on the report.
Auto-disclosing in 5 days: These are reports that will auto-disclose within the next five days. Per the disclosure criteria, if the disclosure is neither approved nor denied, a report in the Resolved state will automatically default to disclosure within 30 days.

Recommendations - Beta

Recommendations is an interactive tool that delivers personalized insights and actionable suggestions to maximize your program's effectiveness and strengthen security through HackerOne.

Updated monthly, each recommendation offers a clear action plan, outlining suggested steps, potential benefits, and supporting data or metrics.

To implement a recommendation, simply follow the outlined steps or reach out to your HackerOne Account Manager or Customer Success Manager for assistance.