Welcome Edit the Doc Site Overview Program Start-Up Guide Start HackerOne Response Start HackerOne Bounty Private vs Public Programs Parent/Child Programs Using Markdown Security Page Program Metrics Response Target Indicators Top Hackers Policy and Scope Good Policies Defining Scope Scope Best Practices Asset Types Severity Environmental Score Bounty Tables Importance of Bounty Tables Submit Report Form Report Templates Pausing Report Submissions Response Targets Response Target Metrics Setting Response Targets Invitations CVE Requests Submission Signal Requirements Human-Augmented Signal Groups and Permissions Single Sign-On via SAML Google Okta OneLogin FAQs Two-Factor Authentication Sessions Credential Management Inbox Inbox Views Report Management Report Actions Report States Quality Reports Locking Reports Duplicate Reports Exporting Reports Response Labels Keyboard Shortcuts Disclosure Limiting Disclosed Information Automation Common Responses Triggers Hackbot Retesting Supported Integrations Email Forwarding Embedded Submission Form API Tokens Assembla Bugzilla Freshdesk GitHub GitLab Jira Jira-Cloud Integration Jira-Server Integration Jira FAQs MantisBT OTRS Phabricator ServiceNow Slack Redmine Trac Zendesk Billing Bounties Swag Bonuses Dashboards Hacker Feedback Dashboard Hacktivity Communicating with Hackers Message Hackers Banning Hackers Hacker Email Alias Hacker Mediation Hacker Reviews Disclosure Assistance Start HackerOne Response
If you elect to
Start H1 Response, you'll be taken to the Setup Guide where you can walk through the product on how to set up your vulnerability disclosure policy and successfully launch a program.
Edit for the corresponding field to edit your policy, profile, and scope.
(Optional) Click the toggle to be either on or off. Human Augmented Signal Click
Submit for approval to have HackerOne review your program once you've completed all of the sections in step 1.
If your program is approved by HackerOne, your program will be placed in controlled launch where it'll remain private and visible to only a select number of hackers. To publicly launch your program, your program must:
Receive at least 10 reports and have invited 100 hackers
Meet the baseline responsiveness limits
Once you've met the criteria, the
Public Launch button will appear, and you can publicly self-launch your program when you're ready to.