1. `open http://localhost:8000` to open the site in your favorite browser

We now enable hackers to publish their findings from external sources that don't have HackerOne programs. Click [here](/hackers/publishing-external-vulnerabilities.html) to learn more.

Hackers now have the ability to set up [two-factor authentication](/hackers/two-factor-authentication.html) to add an extra layer of protection to their accounts.

Response Programs in Controlled Launch that meet all of the success criteria are now prompted to publicly launch their own program through following the Setup Guide or through email notification.

Response SLA settings are now applied to all reports and not just reports created after modification to SLA settings.

3. Click **Copy** to copy the URL.

4. Import your HackerOne calendar URL to your personal calendar in [iCal](#iCal) or [Google Calendar](#Google).

1. Go to **File > New Calendar Subscription** in Calendar.

4. Choose how frequently you want to refresh the events in the **Auto Refresh** field.

5. Click **OK**.

1. Open [Google Calendar](https://calendar.google.com/).

2. Add a new calendar by selecting **From URL**.

2. Download your VPN Credentials from HackerOne (See: <i>Accessing your VPN Credentials</i> below)

3. [Configure your OpenVPN Client](/hackers/openvpn-clients.html).

Once you've configured the HackerOne VPN and accepted an invitation to a VPN enabled program, to access your VPN Credentials:


The Directory provides relevant information for both hackers and programs.

The Directory enables Hackers to:

* Publish contact information for receiving information about potential vulnerabilities in their products or online services, such as a security@ email address or a HackerOne program (See [ISO 29147](http://www.iso.org/iso/catalogue_detail.htm?csnumber=45170) for additional guidance or [contact HackerOne](mailto:[email protected]))

* [Search](https://hackerone.com/directory) for their organization to ensure that their security team's contact information and disclosure policy is accurate (See [Claiming the Security Page](/programs/security-page.html) if the program page hasn’t been claimed for editing)

You can find this information associated with an organization on the directory:

Option | Detail

Managed Icon<br> | Programs managed by HackerOne. These programs are more likely to respond quickly to your report and there's a higher likelihood of being successful on these programs because it's managed by the HackerOne triage team.

Not Accepting Submissions Icon<br> | A program that isn’t accepting any report submissions on HackerOne.

You can filter your list of programs by both program features and by asset type.

The program features you can filter include:

Disclosure requiring Mutual Agreement | You can request disclosure for any closed report in the program. If the program security team agrees to disclosure, the contents of the report will be made public. If the security team doesn't take any action, the contents of the report will remain private. <br><br>*The program must request to opt-in to this option.*

Disclosure Disabled | Disclosure isn't allowed for any report.

Both you and program members can request for disclosure. To request for disclosure:

1. Go to the report you want to disclose.

When publishing reports, the security team can choose to disclose the report in full or limit the information published. The default is to display all the communication between the hacker and the security team from first report to resolution.

You can cancel your disclosure request if you later decide to not disclose your report. You can also cancel disclosure requests from a program asking you for disclosure.

3. Enter a comment explaining why you are canceling the disclosure request.

4. Click **Post**.

Private programs can also enable you to disclose a report to other hackers within the program. Upon disclosure, contents of the report will only be visible to other hackers in the private program. This enables you and other hackers to share your vulnerability findings with other hackers in the program so that they can be aware of what vulnerabilities have been found for that program.

The Hacker Dashboard enables you to view and manage all of your invitations.

The Overview page is your guide to help you get started on HackerOne. You'll be directed to the right pages to help you get the information you need to successfully start out on HackerOne.



You can elect to leave the private programs that you no longer have interest to participate in by clicking **Leave Program** next to the program you want to leave.


Click <b>View Invitation</b> to review the invitation and take action to accept or reject it.

The Bookmarked Programs tab enables you to view the list of programs that you've marked as your favorites in the directory. This enables you to better keep track of the programs you're most interested in.

To install the HackerOne VPN Root CA to your Windows machine:


To install the HackerOne VPN Root CA to your macOS platform:


Execute the following commands in your terminal to download and install the HackerOne VPN Root CA:

The command will state that it has installed one (or more) new certificates, through which the certificate has been successfully added to the Operating System.

To install the HackerOne VPN Root CA to Firefox:

* [Windows](#windows)

* [macOS](#macos)

To configure the OpenVPN client to your windows machine:

The VPN will start connecting.

To configure the OpenVPN client on macOS:

}

</style>

A bounty is money you get rewarded with for reported and resolved bugs. They're used to attract the best hackers and to keep them incentivized to hack their programs. Bounties are used to encourage you to focus on particular assets by altering the reward amount for different vulnerability types. You won't get rewarded for every report you send in, but only for useful, valid reports.

Keep in mind that you still need to have a valid tax form on file in order to donate your bounty. At this time, we can only donate bounties in full as we can't do partial or split donations.

Your program can elect to award you with various swag in addition to or instead of bounties. Swag includes merchandise as well as free coupons or vouchers for the services or products the program offers. Some programs also offer to host hackers near their office or cover admissions fees to conferences you're invited to attend.

The program is responsible for fulfillment and delivery of swag to you.

Programs can award bonuses to recognize hackers for positive actions beyond finding valid vulnerabilities. Bonuses enable programs to offer more flexible incentives without increasing the market rate for bounties.