My use case is similar to DuckTron. The processes I use for DuckTron are exactly the same for HackerOne. Therefore, there isn't much of a difference. I use HackerOne for finding vulnerabilities and reporting them, then receiving rewards akin to a bug bounty program. 

Within my organization, HackerOne is used for vulnerability coordination through its user interface, which lists programs and websites for reporting vulnerabilities.

HackerOne is larger than WebCloud and has a better reputation than BugCloud, which results in a smoother process. Both platforms are similar in using their interfaces to list programs and facilitate reporting vulnerabilities, whether public or private.

Everything has become slower on HackerOne. I have noticed that older researchers receive all the private invites while newer ones receive fewer. The same goes for real-life events, where the same people are invited repeatedly. There are no clear guidelines for being invited to programs and conferences, and the process for receiving invitations appears arbitrary.

I have used it for the same duration as other cloud services.

I have never faced any stability issues on HackerOne for the past four years. Everything was always completely smooth.

HackerOne has high scalability. It is a large platform with many programs and clients, so I would rate it a nine out of ten.

Technical support at HackerOne has slowed down considerably compared to four years ago. Previously, the support was quicker and more detailed, which is not the case now.

I have tried Integrity and reported vulnerabilities there, and I have tried SVHack. However, I spend 90% of my time on HackerOne.

The initial setup is simple and straightforward, which I would rate a nine out of ten. I have never faced any difficulties during this process.

HackerOne is free of cost for us. We receive rewards without needing to invest any money, so the return on investment is substantial.

The cost is rated as one since there is no need to pay anything, not even a fee or commission.

I have tried other platforms like Integrity and YesLack, however, I focus most of my time on HackerOne.

I rate HackerOne a nine out of ten. 

It is slightly better than BugCloud. While some aspects have slowed down, HackerOne is still a strong platform for enhancing skills and offers an excellent initial setup. They should improve their invitation process.

I mainly use it for downtime activities, earning extra cash alongside a full-time job, and to get new sales and profits.

It helps me to get new sales, profits, and other benefits.

The main thing I like about HackerOne is that it provides a direct way to contact the program directly without the need to wait for weeks to get issues finalized and validated. They have streamlined the complete process, which gives a sense of security to the users.

The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible to the reporter. This can cause gaps between what the finder has reported and what is explained to the program. If this communication is visible, it would benefit both parties.

I have been using it for over three years, around three years.

I have not had any issues with stability like bugs or breakdowns.

The scalability is good. It is easy to scale up or down data.

The responsiveness has been good.

Positive

I did not use any different solution before using HackerOne.

The initial setup is not rocket science. It is something easy.

It is free.

The improvements which I have listed should be considered.

I use the tool for vulnerability assessment and testing. 

The most valuable feature of HackerOne is its variety of programs. These programs provide depth into various areas, such as mobile, API, and websites. 

Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports.

I have been using the product for one and a half years. 

The tool is stable and has only minor bugs. 

The solution is only scalable for registered users, not for mass people.

The solution is free. 

Integrating HackerOne into existing security protocols is impossible because it's just a platform. I rate the overall solution a six out of ten. For beginners, HackerOne is quite intuitive if you know the basics. You can easily create an account and start exploring different things.

I use the tool for hacking, practicing, and doing responsible vulnerability disclosure.

I don't use the tool in my day-to-day work. It's more for freelancing. I search for open platforms where I can do penetration testing on websites. If I find any bugs or vulnerabilities, I get paid. So, I do it as a freelancing activity, and it's really helpful.

Apart from getting all the bug bounty opportunities, we also get the chance to practice in a safe environment, like a demo setup. These features are great for beginners who want to explore bug bounties in the future.

One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved.

I have been using the product for three to four years. 

HackerOne is stable. 

I haven't contacted the tool's technical support yet. 

I decided to go with HackerOne because I have experience with three bug bounty platforms: HackerOne and Bugcrowd. With Bugcrowd, you have to search for opportunities. In contrast, HackerOne presents opportunities directly when you log in. Additionally, other platforms' server response time and reporting methods are longer compared to HackerOne. HackerOne's reporting process is straightforward, with dropdown options for selecting the website and type of vulnerability.

The solution doesn't need an installation since it's a SaaS model. It's very easy to use. When you log in for the first time, you'll directly see the opportunities page, where companies are ready for you to hack. The opportunities are right before you, so you don't have to search for them like on other platforms. 

The tool is open-source and free for bug bounty hunters. 

In college, I started using HackerOne and taught my 10-20 juniors how to use it. I'm sure they might still be using it in their lives right now. The biggest challenge integrating HackerOne into my existing security protocols has been on my side, not the tool's. I need to take the time out to use and practice with it, but currently, I'm unable to give it the time I used to. There's no issue from the application side.

To use the tool, you first need a basic knowledge of cybersecurity terms, like exploits and vulnerabilities, and how to identify them. Once familiar with these basics, you can learn more from the resources and platforms HackerOne provides. They offer tickets and guides to help you understand the methods for finding and exploiting vulnerabilities.

Before deciding to use the solution in your organization, consider the purpose. HackerOne is a multi-platform. If the goal is to spread awareness about cybersecurity or to make the security team more active in learning about hacking methods and new vulnerabilities, then it can be very effective. It allows the team to earn extra money while learning and exploring new vulnerabilities in the market, potentially even finding zero-day vulnerabilities.

I would rate HackerOne around an eight to nine out of ten. The application is simple to use, offering numerous opportunities and scopes for exploration. It covers many platforms, including web, Android, and iOS applications. However, the high traffic can sometimes be a drawback. If they manage this issue by implementing features like consolidation pricing for duplicate vulnerabilities, it could easily be a ten out of ten.