HackerOne
2016-11-10 13:26:00
www.hackerone.com
Communication is one of the keys to success in running a bug bounty program. From facilitating more than 650 bug bounty programs, we’ve learned that an internal communication breakdown can cause a variety of issues.
Today, we’re announcing an update to the HackerOne API with some slick new communication features.
Now, all Pro and Enterprise subscribers have the ability to change the state of HackerOne reports and post comments on submissions. These helpful features can make your bug bounty program significantly more successful.
It’s our vision that software developers should be included in the resolution of a security vulnerability as much as possible. The benefits here are clear:
- Educating themselves to become better developers,
- Interacting with the hacker community to get to know each other, and
- Faster turnaround.
The new APIs are key to making this happen.
/reports/state_changes
The use case we optimized for here is straightforward: allowing you to connect your internal workflow with HackerOne to reduce management overhead.
For example, you can automatically reflect that a fix has been deployed to your production environment and that it’s ready to be retested. Another useful automation is to mark a HackerOne report as resolved when the internal ticket has been marked as resolved. So if you use JIRA, for instance, you mark the ticket as complete on your end and the researcher on HackerOne will see this:
Transparent, consistent communication = happy hackers, and less time spent by your team responding to status questions.
/reports/comments
Posting comments is a great way to keep the finder of the report in the loop when tickets in an internal system change state.
One of the use cases outlined in the documentation is to post a comment asking the original finder to retest the vulnerability when a fix has been deployed.
This provides a contextual thread to close the loop of that vulnerability. No second guessing, no extra steps required.
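The two integrations described above (resolving a report when the internal ticket closes, and asking the finder to retest once a fix is deployed) written as decision logic; this is an added example, not HackerOne's code. The Jira-style event fields, status names, ticket-to-report mapping, and the request paths and JSON bodies are assumptions to check against the API documentation.

```python
import json

# Assumptions (not from the page): Jira-style webhook fields, status names,
# the ticket-to-report mapping, and the request paths and JSON bodies below.
API_BASE = "https://api.hackerone.com/v1"
RESOLVED = {"done", "resolved"}             # internal ticket closed as fixed
RETEST = {"deployed", "ready for retest"}   # fix is live, finder should retest
# Constructed sample input, not real data.
SAMPLE_MAP = {"SEC-42": "100001"}
SAMPLE_EVENT = {"issue": {"key": "SEC-42"}, "changelog": {"items": [
    {"field": "status", "fromString": "In Review", "toString": "Done"}]}}


def status_transition(event):
    """Return the new status, lowercased, if the event changed status."""
    for item in event.get("changelog", {}).get("items", []):
        if item.get("field") == "status":
            return (item.get("toString") or "").strip().lower()
    return None


def plan_request(event, ticket_to_report, already_sent):
    """Map one ticket event to at most one API request; nothing is sent here."""
    key = event.get("issue", {}).get("key")
    report_id = ticket_to_report.get(key)
    status = status_transition(event)
    if report_id is None or status is None:
        return None  # untracked ticket, or not a status change
    if not str(report_id).isdigit():
        raise ValueError(f"unexpected report id for {key!r}")
    if (report_id, status) in already_sent:
        return None  # webhook retries must not post twice to the finder
    # Fixed message strings only: internal ticket text may contain details
    # that should not be copied into a thread an external researcher reads.
    if status in RESOLVED:
        path, data = "state_changes", {"type": "state-change", "attributes": {
            "state": "resolved", "message": "A fix has been released."}}
    elif status in RETEST:
        path, data = "activities", {"type": "activity-comment", "attributes": {
            "message": "A fix has been deployed. Could you retest?",
            "internal": False}}
    else:
        return None
    already_sent.add((report_id, status))
    return {"method": "POST", "url": f"{API_BASE}/reports/{report_id}/{path}",
            "body": json.dumps({"data": data})}
```

Sending the planned request and storing the API credentials are left to the caller, which keeps the mapping rules testable without access to a live program.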
Stay tuned
We’ll keep building new, helpful features for you to manage your bug bounty program effectively and empower your success.
We’re very excited about the latest additions and hope you are too. Please reach out if you have any feedback or thoughts about the direction of our API. We’re always accessible via email at feedback@hackerone.com and if you’d like to get access to this new API feature, hit us up at sales@hackerone.com!
Jobert Abma
HackerOne co-founder
ps – Want to read about how a Senior Security Engineering Manager at Uber approaches bug bounties? Read Collin Greene’s article on our blog.