Customers are now able to segment reports by teams, business units, and/or assets with the use of Custom Inboxes! Organizational administrators can create up to 300 collections of reports supporting customers' organizational structure and workflow needs.

Furthermore, we will be introducing Inbox API to allow our customers to automate report allocation from an engagement inbox to a custom inbox of their choosing.

How to use it: Request access from your HackerOne CSM, then head over to Organization Settings > Inboxes to create a new Custom Inbox.

Increased searching and filtering capabilities take Hacktivity to the next level.

When a report is in a "Needs more info" state for longer than 30 days without a response from the hacker, it's automatically closed. It is beneficial for both hacker and customer and generally a good practice to follow up on these reports before they are auto-closed. Doing this manually would be a huge undertaking, and hard to track.

Now, for reports in the "Needs more info" state, an automatic reminder will be posted every 7 days reminding the hacker the report is waiting for their input.

We expect IDv/Clear In-Platform Click-Thru Rules of Engagement to help Hackers by simplifying their onboarding process.

System triggers can only be turned on and off from the program settings, but not edited. Each program can still create and edit their own custom triggers, in a separate tab. Next to it, we're releasing some internal changes to expand the functionality and increase the number of system triggers.

Our goal is to reduce the noise from non-interesting reports and automate parts of the response process that should become easier and faster (fewer of these reports, and handled faster).

The pentest scoping questionnaire now contains a direct link to "View all HackerOne Pentest methodologies."

Prospects and customers can view a PDF of available H1P Methodologies as they scope their pentest. The document showcases the methodologies HackerOne pentesters follow throughout the pentest and demonstrates how HackerOne assesses the effort required to perform the engagements.

Exploit Prediction Scoring System (EPSS) is a new industry standard that provides a live measure of exploitability for any given CVE. Similar to CVSS, EPSS is published by FIRST.org. An EPSS score estimates the probability of observing in-the-wild exploitation attempts against that vulnerability in the next 30 days. This new feature integrates EPSS into the existing CVE Discovery page. Additionally, when viewing a CVE anywhere on the platform, you can see the most recent EPSS score.

Customers can now combine well-known CVSS ratings with EPSS and HackerOne’s platform intelligence, gaining a significant information advantage in the remediation of CVEs. This advantage allows enterprises to prioritize remediation efforts more effectively and establish risk-aligned remediation SLAs.

Date and interval selections will stay as they are while navigating between dashboards without resetting them.

We've also updated chart language, added tooltips, and reconfigured some visualizations to help you better understand your data.

This feature allows customers to self-service and fully manage (invite and remove) hackers from a single place. Customers using this feature will be able to remove hackers without banning them. This will leave the door open for them to rejoin in the future.

For hackers, this feature makes sure that you're informed about why the program decided to take such action, reducing friction and transparency.

To use the Remove Hacker feature:

Using AI, we assess the researcher activity and report submissions from the previous 6 months as well as bounty amounts from other programs to calculate the competitiveness percentage. This provides guidance on the potential success of the bounty amount and attracts a wider pool of researchers.

How to use it: Program managers can view the competitiveness score next to the bounty tables view under Program and adjust the bounty amounts accordingly to boost the score.

We have unified the Date-time presentation across the platform after receiving feedback from our hackers and customers.

Report Collaborators via the Customer API helps customers who want to manage hacker contributions outside our platform, increasing the visibility of Hackers who worked together on a Report.

To use Report Collaborators via the Customer API, follow the API integration instructions defined on https://api.hackerone.com/.

We introduced changes to the Live Hacking Event Leaderboards system to address concerns regarding calculation accuracy and fairness to collaborators. These changes currently impact LHEs, but will gradually be adopted platform-wide.