Improved Testimonials CTA
This enhancement makes the Testimonials CTA more prominent at the top of the report page, leading to more testimonials for hackers. This update also includes a technical cleanup to improve reliability.
How to Use: Close a report as Resolved and you will see the CTA banner at the top of the report page. Make sure you have the report_reward_manager permission. Learn more about hacker reviews here.
More Program Statistics (BBP & VDP)
We're rolling out new metrics and revamping existing ones to boost transparency and help hackers make more informed decisions. As part of this update, programs can no longer disable bounty statistics on their security pages.
New Metrics:
Average bounty per severity: Displays the average bounty amounts awarded for each severity level.
Valid submissions % per severity: Shows the percentage of valid submissions for each severity level.
Valid submissions % per asset: Indicates the percentage of valid submissions for each asset type.
How to Use:
Visit the Security page to view the Average bounty per severity and Response efficiency statistics.
Check the Rewards table and Scope tab for Submission volume metrics.
These updates give you a clearer picture of program health and fairness, making it easier to choose your targets.
Inbox Mediations Summary
Mediation summaries enhance mediation visibility and actionability by displaying metadata such as mediation status, type, request date, and requester directly on the report page.
How to Use: Check the top of the report metadata summary for mediation details and navigate via the ticket ID to Freshdesk. Learn more on our doc page.
Bidirectional Asana Integration
For Professional & Enterprise customers only
Sync data between HackerOne reports and Asana tasks to improve workflow and alignment between your teams! Learn how to set it up here.
Homepage (Open Beta)
The homepage acts as a central hub for customers to view important stats and reports that need attention.
How to Use: Navigate to User settings > Beta features to enable the Homepage feature, then select the Home icon in the left navigation bar.
Export Hackers (CSV)
You can now download an overview of hackers in your private programs! This previously required an API setup or support request, but now you can do it right from your settings. Learn more here.
Asset Tagging
Asset Tagging is now available to all H1 customers! Asset tagging lets you seamlessly navigate through your assets, making them easy to identify and assign.
Filter and group assets in your inventory based on custom tags, streamlining your asset management process.
Tailor your experience by creating a personalized tagging taxonomy, aligning the platform with your unique workflows and preferences.
Integrate with API support, allowing for enhanced automation and customization to suit your specific needs.
How to Use: Go to the Asset Inventory and click Manage tags to create or edit tags. Learn more here.
Spot Checks
Spot checks provide targeted scope testing, agile testing for new features, and leverage top hackers to validate security quickly! They're available for all Bounty and Challenge customers.
Spot checks allow you to utilize existing bounty funds for:
Targeted Scope: Hone in on specific areas of concern, ensuring resources are efficiently directed where needed, and provide written proof of coverage for testing assurance.
Agile Testing: Ideal for assessing new features or tackling specific CVEs, Spot Checks facilitate quick and flexible testing iterations, allowing for rapid adaptation to evolving security needs.
Tap Skilled Experts: Discover hackers with unique skill sets to optimize resource allocation and increase the likelihood of identifying critical vulnerabilities.
Grow Hacker Relationships: Leverage top hackers who know your attack surface inside and out to validate the presence or absence of security problems quickly.
How to Use: Go to the Engagements page and find the Spot Checks tab. Learn more about spot checks on our doc page or our blog.