3. Click **Copy** to copy the URL.

4. Import your HackerOne calendar URL to your personal calendar in [iCal](#iCal) or [Google Calendar](#Google).

1. Go to **File > New Calendar Subscription** in Calendar.

4. Choose how frequently you want to refresh the events in the **Auto Refresh** field.

5. Click **OK**.

1. Open [Google Calendar](https://calendar.google.com/).

2. Add a new calendar by selecting **From URL**.

2. Download your VPN Credentials from HackerOne (See: <i>Accessing your VPN Credentials</i> below)

3. [Configure your OpenVPN Client](/hackers/openvpn-clients.html).

Once you've configured the HackerOne VPN and accepted an invitation to a VPN enabled program, to access your VPN Credentials:


The Directory provides relevant information for both hackers and programs.

The Directory enables Hackers to:

* Publish contact information for receiving information about potential vulnerabilities in their products or online services, such as a security@ email address or a HackerOne program (See [ISO 29147](http://www.iso.org/iso/catalogue_detail.htm?csnumber=45170) for additional guidance or [contact HackerOne](mailto:[email protected]))

* [Search](https://hackerone.com/directory) for their organization to ensure that their security team's contact information and disclosure policy is accurate (See [Claiming the Security Page](/programs/security-page.html) if the program page hasn’t been claimed for editing)

You can find this information associated with an organization on the directory:

Option | Detail

Managed Icon<br> | Programs managed by HackerOne. These programs are more likely to respond quickly to your report and there's a higher likelihood of being successful on these programs because it's managed by the HackerOne triage team.

Not Accepting Submissions Icon<br> | A program that isn’t accepting any report submissions on HackerOne.

You can filter your list of programs by both program features and by asset type.

The program features you can filter include:

Disclosure requiring Mutual Agreement | You can request disclosure for any closed report in the program. If the program security team agrees to disclosure, the contents of the report will be made public. If the security team doesn't take any action, the contents of the report will remain private. <br><br>*The program must request to opt-in to this option.*

Disclosure Disabled | Disclosure isn't allowed for any report.

Both you and program members can request for disclosure. To request for disclosure:

1. Go to the report you want to disclose.

When publishing reports, the security team can choose to disclose the report in full or limit the information published. The default is to display all the communication between the hacker and the security team from first report to resolution.

You can cancel your disclosure request if you later decide to not disclose your report. You can also cancel disclosure requests from a program asking you for disclosure.

3. Enter a comment explaining why you are canceling the disclosure request.

4. Click **Post**.

Private programs can also enable you to disclose a report to other hackers within the program. Upon disclosure, contents of the report will only be visible to other hackers in the private program. This enables you and other hackers to share your vulnerability findings with other hackers in the program so that they can be aware of what vulnerabilities have been found for that program.

The Hacker Dashboard enables you to view and manage all of your invitations.

The Overview page is your guide to help you get started on HackerOne. You'll be directed to the right pages to help you get the information you need to successfully start out on HackerOne.



You can elect to leave the private programs that you no longer have interest to participate in by clicking **Leave Program** next to the program you want to leave.


Click <b>View Invitation</b> to review the invitation and take action to accept or reject it.

The Bookmarked Programs tab enables you to view the list of programs that you've marked as your favorites in the directory. This enables you to better keep track of the programs you're most interested in.

To install the HackerOne VPN Root CA to your Windows machine:


To install the HackerOne VPN Root CA to your macOS platform:


Execute the following commands in your terminal to download and install the HackerOne VPN Root CA:

The command will state that it has installed one (or more) new certificates, through which the certificate has been successfully added to the Operating System.

To install the HackerOne VPN Root CA to Firefox:

* [Windows](#windows)

* [macOS](#macos)

To configure the OpenVPN client to your windows machine:

The VPN will start connecting.

To configure the OpenVPN client on macOS:

}

</style>

A bounty is money you get rewarded with for reported and resolved bugs. They're used to attract the best hackers and to keep them incentivized to hack their programs. Bounties are used to encourage you to focus on particular assets by altering the reward amount for different vulnerability types. You won't get rewarded for every report you send in, but only for useful, valid reports.

Keep in mind that you still need to have a valid tax form on file in order to donate your bounty. At this time, we can only donate bounties in full as we can't do partial or split donations.

Your program can elect to award you with various swag in addition to or instead of bounties. Swag includes merchandise as well as free coupons or vouchers for the services or products the program offers. Some programs also offer to host hackers near their office or cover admissions fees to conferences you're invited to attend.

The program is responsible for fulfillment and delivery of swag to you.

Programs can award bonuses to recognize hackers for positive actions beyond finding valid vulnerabilities. Bonuses enable programs to offer more flexible incentives without increasing the market rate for bounties.

HackerOne supports markdown syntax on reports, profiles, and security pages.

Markdown Input:


Markdown Input:


<br>

Markdown Input:



Markdown supports two styles for creating links: *inline* and *reference*. With both styles, you use square brackets to delimit the text you want to turn into a link.

You don't need to use markdown to create a `mailto:` link. Simply enter the email as is and it will automatically be converted to a `mailto:` link.

In a regular paragraph, you can create code span by wrapping text in back tick quotes. Any ampersands (&) and angle brackets (< or >) will automatically be translated into HTML entities. This makes it easy to use Markdown to write about HTML example code.

Go to the following web page to see which content types are available for syntax highlighting: https://github.com/jneen/rouge/tree/master/lib/rouge/demos.

You can mention a user by prefixing username with '@' symbol

Markdown Input:

<br>

You can reference a report by prefixing report id with '#' symbol

[#105887](https://hackerone.com/reports/105887) is a publicly disclosed bug

You can reference an attachment while writing reports, comments in reports and report summary. You can do this by writing 'F' followed by attachment id (F). The attachment id is displayed before the attachment name once the upload is successful.

When the link is clicked, the attachment is displayed in the modal.


You can inline images and videos in the report description, comments and report summary by writing the attachment reference id within curly braces (as in {F:id}).

A bounty is money you reward to hackers for reported and resolved bugs. They're used to attract the best hackers and to keep them incentivized to hack your programs. You can use bounties to encourage hackers to focus on particular assets by altering the reward amount for different vulnerability types. You shouldn't feel obligated to award a bounty for every incoming report as it's best to only reward for useful, valid reports.

You can award a bounty through any report submitted to HackerOne. Some teams prefer to award a bounty once the issue has been confirmed as valid, while others wait until the issue is resolved.

Bounty amounts can be increased at any point by setting another award on the report, but keep in mind that bounties can't be removed once awarded.

If you're unsure of how much to award the hacker, you can communicate a suggested amount with your internal team. To suggest an amount:

1. Go to your inbox and open the report you'd like to award a bounty for.

6. <i>(Optional)</i> Enter your reason of why you suggest that bounty amount.

6. Click **Suggest award**.

Here are some best practices to follow when awarding bounties:

* Provide bounties for useful, valid reports.

When hackers submit vulnerabilities to your organization outside of HackerOne, you can leverage the HackerOne API to award hackers for their efforts. To start paying hackers, generate an API token on your Program settings page. Keep in mind that this API endpoint is not for awarding bounties for reports on HackerOne itself, but only for reports that were reported outside of HackerOne.