This integration will sync data between HackerOne reports and ClickUp tasks. It helps your development and security teams stay aligned and contributes to a better workflow. Bidirectional ClickUp Integration is available to Professional & Enterprise customers.

Although we have the Redact feature, often reports need a bunch of redaction prior to disclosure, which is tedious. Introducing the “Detect sensitive data” button, a.k.a. the magic button! The Redact feature has these new updates:

We’ve introduced a new scope page in the program settings to

What is the Internet Bug Bounty? The IBB is a crowdfunded bug bounty program that rewards security researchers and maintainers for uncovering and remediating vulnerabilities in the open-source software that supports the internet.

Enrolling in the IBB is easy! BBPs can participate by populating the now-visible individual IBB bounty table available within their program settings (Program Settings > Rewards > Bounties). You are not enrolled until you select “Create table” to configure your IBB bounty table.

When exporting a PDF, select the ‘Redact names’ checkbox in the pop-up. You will see all names and usernames have been redacted from the PDF. To use this feature, ask your PM to enable the redact_usernames feature flag from Support App.

Previously, users could only manage their credentials within the platform. This meant adding new credentials exclusively through CSV files. However, considering that many credentials are generated within the program, we’ve introduced an API to enhance users’ workflow efficiency and eliminate manual management in the platform.

With the new Credential Management API, you can:

But that’s not all. Our revamped Credential Management API also empowers users to:

Gateway Control helps you identify and control access of Hackers on your Gateway program. This self-service function allows you to either temporarily block all Hacker access or temporarily block Hacker access on a per-hacker basis. This function will provide a view of the Hackers connected/recently connected to your program and some user information to help identify the Hackers.

Unlike the legacy solution, the use of this function on Gateway V2 does not impact a Hacker's access to other Gateway V2 programs.

Additionally, due to the introduction of a new front end to view your Gateway program in-platform, you will also be able to:

You can now mention specific users or groups in the comments of a report! In the comment box, type in @ followed by the first few letters of the person or group that you want to mention in the comment. You can also see the number of members in that group and a group icon.

You can now see the current state and submission date of the original report when you submit a duplicate on HackerOne. This increases transparency and reduces ambiguity around which report was submitted first.

It sometimes happens that PII or other sensitive data is included in reports. To reduce accidental exposure of such data, HackerOne will now use machine learning to detect it before submission and allow you to redact it.

Hackers, you can now configure a list of people you'd like to automatically accept collab invitations from on HackerOne! Manage them in your settings, here.

This update consists of three changes: the possibility of adding technologies, spoken languages, and certifications to your profile.

This feature introduces new fields under the Profile page.

Hackers can now follow their current valid report streak (month to month), and it will be also visible on their profile for all visitors.

What is a streak?

Streaks are a way of tracking consistent engagement in submitting valid reports each month. Every month you successfully submit a valid report, your streak increases by one. However, missing a month will reset your streak to 0. The streak will restart the moment you submit another valid report.

The primary objective of Streaks is to keep you committed to your goals and maintain your dedication to submitting accurate and valuable reports by fostering a sense of commitment and accountability.