Organization Changes
Variable Retesting Award Amounts
Variable retesting award amounts are now available to all bounty programs using hacker-powered retesting!
This feature allows customers to invite hackers to retest for a higher award amount. Customers are still free to increase the award amount on approval of the retest as well. Inviting hackers with a higher award amount increases incentives to complete retests and further boosts hacker rewards! To invite hackers with a higher award amount, simply increase it while requesting a retest.
Triage Scope Instructions
Triage scope instructions help streamline customer preferences on how the HackerOne Triage team should act on reports submitted against assets not defined in a program's scope. If a hacker reports on an asset that was not listed in the program scope, our triage team can now request instructions on how to handle the report from the customer. Organizations, in turn, can then provide private instructions on how triage should handle the report and future reports against that asset.
Triage Scope Instructions are now available for any programs using H1 Triage. Learn more here.
Program States Update
If a "Pending Program Review" report is changed to "Needs More Information," it now goes back to "Pending Program Review" instead of "New" after the hacker responds.
Detailed Final Report
Introducing our upgraded pentest report, now accessible across all Pentest tiers! This enhanced report delivers actionable insights efficiently, addressing past shortcomings. It includes detailed technical findings, empowering customers to make informed security decisions. Our automated system and human expertise create polished, easily shareable reports. Receive an email notification when your final report is ready for download as a PDF. All reports are accessible from the Pentest Summary Report tab within your Pentest engagement.
Gateway V2
Introducing our enhanced Gateway powered by Cloudflare β a superior Zero-Trust Network Access solution. Enjoy swift asset access, in-platform self-service controls, and detailed coverage analytics, eliminating technical limitations of the legacy solution.
For Customers:
Real-time Threat Insight: Immediate visibility into hackers' attack paths for near-instant tracking.
Precision Hacker Monitoring: Confidently differentiate legitimate HackerOne traffic from actual threats.
Geo-Compliant Security: Ensure regulatory compliance by selectively admitting hackers from chosen countries.
Effortless Asset Expansion: Broaden program reach by incorporating restricted assets with minimal setup.
One-Click Control: Maintain access control with the ability to halt testing at any time.
Bounty Autopilot
Bounty Autopilot is now available for all Bug Bounty customers! Boost engagement using Bounty Autopilot to incrementally raise bounty amounts over 90 days or until a high or critical vulnerability is resolved. You can enable it in Engagement settings > Programs > Rewards > Bounties. Learn more in our article.
Quality of Life Improvements
For Customers:
Customers can now remove hackers from programs without banning them.
We made the removal process self-service so customers no longer have to contact their CSMs to remove members.
We've updated text and tooltips on the Analytics Dashboard to clarify what constitutes a Returning Hacker vs. a New Hacker.
Hacker Changes
Variable Retesting Award Amounts
Variable retesting award amounts are now available to all bounty programs using hacker-powered retesting!
This feature allows customers to invite hackers to retest for a higher award amount. Customers are still free to increase the award amount on approval of the retest as well. Inviting hackers with a higher award amount increases incentives to complete retests and further boosts hacker rewards! To invite hackers with a higher award amount, simply increase it while requesting a retest.
Program States Update
If a "Pending Program Review" report is changed to "Needs More Information," it now goes back to "Pending Program Review" instead of "New" after the hacker responds.
Gateway V2
Introducing our enhanced Gateway powered by Cloudflare β a superior Zero-Trust Network Access solution. Enjoy swift asset access, in-platform self-service controls, and detailed coverage analytics, eliminating technical limitations of the legacy solution.
For Hackers:
40% Reduced Latency: Compared to the legacy Gateway solution.
Dockerized WARP Client: Automates connection to HackerOne Gateway, allowing simultaneous connections to several programs.
In-Platform View: Monitor Gateway programs and access status within the platform.
Notifications: Receive alerts if access to a program is paused or resumed.
Docker WARP Client for Hackers
Docker WARP Client for Hackers is now available on all Gateway V2 programs. We expect the Docker WARP Client to help Hackers simplify and automate their processes when working on Gateway programs.
Hackers can follow the instructions here to use the Docker WARP Client.
Credential Management for Public Programs
This feature is accessible to both hackers and customers! Hackers rated with a signal score of β₯3 can now secure credentials on public programs. And if a customer has favorite hackers who don't quite meet this threshold, they can still personally assign credentials to them via the console. APIs are also supported for these changes.
Available for all Bug Bounty and VDP customers with Enterprise or Professional Product Edition.
Platform-Wide Bounty Hiding
Previously, hackers could only hide their bounty earnings on Hacktivity. We've enhanced this feature to apply platform-wide. Now, hackers who prefer to keep their bounties private can hide them across our entire website and API, not just on Hacktivity. Learn more here.
Gateway Program Information for Hackers
This feature is currently in beta.
We expect Gateway Program Information for Hackers to help Hackers view Gateway V2 programs, obtain the domain name to connect to the program, and see their connection status and program access ability, eg: Full, Partial, or Blocked. Learn more on our Gateway V2 page.
Quality of Life Improvements
For Hackers:
Hackers usually check reports on mobile and find opportunities on desktop. We have made the inbox the landing page on mobile so you always land where you need to be.
We fixed a bug on the Invitations page that prevented hackers from seeing all their pending invitations.
Testimonials are now listed with the newest at the top of the page instead of the bottom.