Each submission from a hacker to your security team is called a Report. The report contains detailed information about the security issue that has be identified by the hacker.
Once the issue has been confirmed by your security team, simply change the report status to triaged and send to a team member to fix the issue. When the issue is corrected, change the report status to resolved and HackerOne will acknowledge the hacker for their contribution by increasing their Reputation points.
- If the issue is something that your team does not plan on fixing in the future, close the report and change the report status to Informative. This will let the hacker know that this report contained useful information but did not warrant an immediate action or a fix. You can consider providing an alternative risk assessment or other mitigating factors. Public disclosure is still available with mutual agreement.
- If the issue is a duplicate of another report, close the report and change the status to Duplicate. We recommend, if possible, the best practice of linking the duplicate to the original report to acknowledge hackers that submitted a duplicate issue.
- If the issue is not valid, outside your defined scope, or otherwise ineligible, close the report and change the status to Not applicable.