Michiel Prins
Co-founder and Senior Director, Product Management

How Do You Know Ethical Hackers Can Be Trusted?

Ethical hackers with HackerOne's Clear and Gateway programs

Half (52%) of security professionals would rather accept the presence of undiscovered vulnerabilities than work with hackers. We understand that, for organizations that operate under strict compliance requirements or in highly regulated industries, ethical hacking feels like a risky option despite the proven impact accepting vulnerability reports from third parties has on reducing security risk.

Some of the most common questions prospective customers have about working with hackers are “How do I know I can trust hackers?” and “How do I retain control of my environment?” HackerOne’s Clear and Gateway products were designed as answers to these questions, and we’ve rolled out new updates that make a HackerOne human-powered security program the most trusted in the industry. 

“Hackers don’t break things, they show you what’s already broken.”
@
Tomnomnom, Ethical Hacker

HackerOne Clear 

HackerOne Clear offers flexible hacker verification levels to meet your compliance needs. This adaptable add-on spans HackerOne's products, including Bug Bounty, Pentest, and Code Security Audit, enabling customers to tailor access to their specific verification requirements. Whether meeting conservative compliance mandates or seeking top-tier performers, Clear lets you choose the right verification level for each engagement.

  • Gain Confidence with Control: Choose top-tier, high-performing hackers for your program, boosting your confidence and ensuring productive partnerships with unfamiliar hackers. Tailor your program to invite the most exclusive elite group based on proven performance.
  • Simplify Compliance: Meet compliance regulations by selecting hackers who have pre-verified their identity and location for program admission. We offer ID verification and ID verification+Background Checks. 
  • Adhere to Regulation: Easily comply with partnership and location regulations by choosing hackers who have cleared a background check that includes citizenship and/or residency before program admission. 

Unlike competitors, our Clear solution offers the flexibility to choose from a variety of verification levels that both expand your talent pool and allow you to meet even the most stringent compliance requirements. For instance, if you only need ID verification and 18+, you can tap into a much larger pool of talent. By maximizing your talent pool, you can, in turn, maximize your results.

“The unique ability to invite background-checked researchers to our bug bounty program through HackerOne Clear helped build trust and confidence across our security and DevOps teams, which is vital at AppDirect. The level of control given to us with HackerOne Clear aided buy-in from executives and colleagues without sacrificing results.” 
— Sankara Shunmugasundaram, Head of Global Security and Compliance at AppDirect

HackerOne Gateway

HackerOne Gateway, powered by Cloudflare’s global network, is a superior ZTNA (Zero Trust Network Access) solution that enables you to see who is accessing your system and where, helping you differentiate between ethical hacking traffic and truly malicious activity. Gateway allows swift access to assets, comprehensive self-service controls, and detailed coverage analytics, allowing customers to effectively oversee and manage hacker activity and access. Our in-platform features empower customers with self-service access control, contextual analytics, and easy access to traffic log data. Additionally, it has the functionality to provide hackers with access to internal and firewalled assets, making internal app testing possible. 

  • Real-time Threat Insight: Gain immediate visibility into hackers' attack paths, facilitating near-instant tracking of their progress.
  • Precision Hacker Monitoring: Monitor hacker testing activities with consistent egress IPs, confidently reducing security alerts by effectively distinguishing between legitimate hacker traffic and genuine threats.
  • Geo-Compliant Security: Ensure regulatory compliance by selectively admitting hackers solely from your chosen countries.
  • Effortless Asset Expansion: Easily broaden your program's reach, incorporating previously restricted firewalled assets without requiring extensive setup or granting direct system access to hackers.
  • One-Click Control: Maintain access control with ease using our user-friendly Gateway control panel, granting you the power to halt testing at any time.

“Cybersecurity is a race between threat actors and defenders, with the ‘winner’ hinging on the speed of identifying vulnerabilities. Defenders need to be the first to fix weaknesses before they’re exploited. HackerOne Gateway, backed by Cloudflare’s services, helps level the playing field for defenders. With greater control and transparency around hackers, and the access they have to customer environments, HackerOne can discover vulnerabilities before malicious threat actors faster than ever before.”
— Chris Draper, Product Manager at Cloudflare

Find out more about how Clear and Gateway can support you in benefiting from the insights and expertise of the ethical hacking community with our solutions briefs:

HackerOne Clear 
HackerOne Gateway

The 7th Annual Hacker-Powered Security Report

Hacker-Powered Security Report