Directory

Community-curated resource to help contact organizations' security teams

Updated over a week ago

The Directory is a community-curated resource that helps hackers identify the best way to contact an organization's security team. This guides hackers in reporting potential vulnerabilities directly to the organizations that can resolve them. The Directory is comprised of a list of various organizations that both use and don't use HackerOne. It documents the existence of an organization's vulnerability disclosure policy and any associated bug bounty programs.

Directory Services

The Directory provides relevant information for both hackers and programs.

The Directory enables Hackers to:

  • Search for an organization to get the contact information of a security team.

  • Add security team contact information for an organization so that other hackers know where to submit vulnerabilities (See Create a Directory Page)

    • As the directory is community-curated, hackers who maintain a sufficient reputation have edit rights and can update information about an organization. If you don’t have edit rights, you can reach a moderator at directory@hackerone.com with any changes.

  • Find programs they're interested in hacking on

  • Bookmark their favorite programs

  • View and compare statistics of various programs

Note: If an organization hasn't published security contact information anywhere, HackerOne recommends considering assistance from the local CERT.

The Directory enables programs to:

  • Publish contact information for receiving information about potential vulnerabilities in their products or online services, such as a security@ email address or a HackerOne program (See ISO 29147 for additional guidance or contact HackerOne)

  • Search for their organization to ensure that their security team's contact information and disclosure policy are accurate (See Claiming the Security Page if the program page hasn’t been claimed for editing)

What's On the Directory

You can find this information associated with an organization in the directory:

Information

Details

Launch date

The date the program started to accept vulnerabilities.

Reports resolved

The total number of vulnerabilities the organization has resolved. If the field is marked with a - this means there are no resolved reports, or the program chose not to display this information on their metric display settings.

Bounties minimum

The minimum bounty that will be given for a valid vulnerability. If the field is marked with a - this means that there is no minimum bounty, or the program chose not to display this information on their metric display settings.

Bounties average

The average bounty that is given for a valid vulnerability in a program. If the field is marked with a - this means that there is no average bounty, or the program chose not to display this information on their metric display settings.

Star Icon

Bookmark your favorite programs by clicking on the icon. A list of your bookmarked programs will show on your Hacker Dashboard under the Bookmarked Programs tab.

Managed label

Managed by HackerOne: Faster response and greater success potential due to HackerOne's triage team.

Not Accepting Submissions label

The program isn’t currently accepting any report submissions on HackerOne.

Collaboration label

The program enables hackers to collaborate with others and split their bounty in finding and submitting a vulnerability.

Retesting label

The program participates in retesting.

Directory Filters

You can filter your list of programs by both program features and asset type.

The program features you can filter include:

Filter

Details

IBB

Indicates Internet Bug Bounty - a bug bounty program for core internet infrastructure and free open-source software. These programs are managed by a panel of volunteers selected from the security community. Learn more here.

Offers bounties

Programs that offer bounties as rewards for finding vulnerabilities.

High response efficiency

Programs that meet their response target metrics at least 80% of the time.

Managed by HackerOne

Managed by HackerOne: Faster response and greater success potential due to HackerOne's triage team.

Offers retesting

Programs that can request hackers to retest vulnerabilities.

Active Program

Programs that are currently accepting report submissions.

Bounty spitting

Programs that enable hackers to collaborate with others in submitting a vulnerability.

Did this answer your question?