All reviews of HackerOne

- Industry: Computer Software
- Company size: 51–200 employees
- Used monthly for more than 1 year
Discover security vulnerabilities in your software in a way you can control
HackerOne informed my team of a number of security vulnerabilities in our application which we were able to fix quickly and discreetly.
Pros
Discovering vulnerabilities in your software is as important as it is sensitive. You need to discover them as quickly as possible, but don't necessarily want to advertise them to the public (even though all software inevitably has vulnerabilities). The thing I like most about HackerOne is the control it gives you over how your software is tested and how vulnerabilities get reported and addressed. Starting out, you may want to make testing private (invite-only) and invite a handful of testers to a testing environment. Later on, if you want to discover more and rarer vulnerabilities, you may decide to make testing public and allow HackerOne's large community of security researchers to search for issues.
Cons
I wish HackerOne's integrations (e.g. with GitHub) were self-service and more fully featured. You can have HackerOne reports created as GitHub issues, for example, but in order to make that happen you have to contact HackerOne manually. I'd love a way to set this up myself, and for that integration to go both ways, e.g. for activity on the GitHub issue to appear in HackerOne. (Their Jira integration supports this.)