This podcast episode discusses a recent TechTarget Security article about bug bounty platform HackerOne in which researchers aired several complaints about the company.
This Risk & Repeat podcast episode discusses HackerOne and frustrations that security researchers aired about the third-party bug bounty platform.
In a TechTarget Security article last month, bug bounty researchers shared criticisms regarding vulnerability rewards program HackerOne, which primarily involved communication issues and an ineffective mediation process.
HackerOne, founded in 2012, is a bug bounty platform vendor that manages vulnerability rewards programs for organizations like Amazon and LinkedIn. While the company has established itself as one of the largest platforms in the bug bounty market, it has also faced staunch criticism from bug hunters recently.
Researchers complained that HackerOne’s mediation process would rarely result in a win for its researchers and that the platform failed to communicate in a timely manner. The latter issue especially is not unique to HackerOne.
HackerOne provided several detailed responses to TechTarget Editorial for the piece, addressing its controversial 20% rewards fee, which it said is being phased out, and its rate of mediations ruling in favor of researchers: 74% of “valid mediation requests” rule in favor of hackers, the company said. The company also published blog posts sharing its plans to improve transparency and researcher relations.
On this podcast episode, TechTarget editors Rob Wright and Alex Culafi discuss the criticism of HackerOne, the company’s responses and possible improvements to bug bounty programs.
Alexander Culafi is a writer, journalist and podcaster based in Boston.