How do we get started?

Congratulations on deciding to set up your vulnerability disclosure program on HackerOne! Here are the steps that will get you up and running:

  1. Create a Security Page. The main components of your security page are your team’s page in the HackerOne Directory, which will require at least a team logo and description, and your program policy, which consists of the program scope and disclosure policy. We have all sorts of tips in the Help Center to make sure both your page and policy are great. Be sure to read our Disclosure Guidelines, which outline HackerOne’s disclosure philosophy and some general best practices for both Security teams and hackers.

  2. Determine your bounty reward structure and when to pay. Bounties act as incentives for hackers to search for vulnerabilities in your platform. There is no one-size-fits-all reward structure; instead, bounty amounts can and should vary to address your main concerns. Not quite sure what a good reward structure should look like? Check out the Bounties section in the Help Center, which outlines best practices and examples.

  3. Set up your payment and billings. Remember, HackerOne always allows you to determine the program’s overall budget, as well as whether, and how much, to pay on a report-by-report basis. HackerOne also takes care of the paperwork associated with rewarding hackers; there are just a few initial steps to configure this.

  4. Invite hackers to submit reports. Once you exit the initial setup environment, your program will be live as a confidential, invitation-only program. To start receiving reports, invite hackers to your program. Enable HackerOne to control how many hackers you invite by setting a report volume, which will help you control the number of incoming reports.

  5. Eventually, launch your program publicly. When your team is comfortable with their capacity to handle reports, think about taking your program public. The volume of reports is likely to increase substantially, so feel free to reach out to us to discuss going public and consider working with one of our managed program triage partners.

  6. Don’t hesitate to ask for help. Have an issue or a question you can’t find the answer to in the HackerOne Help Center? Reach out to us.
