
How do we manage reports of known behavior?

Your program may receive reports of known or intentional behavior. These reports often reference accepted risks, lower-priority issues, or future best practices. There are a few courses of action that help decrease the frequency of such reports.

1. Customize the Submission Form

Your program can customize its report submission form to list exclusions in the introduction text and/or create special instructions that pop up when a hacker selects a particular vulnerability type. To manage these options, navigate to program Settings > Submission Form.

At the top of the submission form settings page, you can edit the introduction text. Here you can list exclusions to your scope that will be seen by hackers as they submit a report.

Another option on the submission form is to provide special instructions when a hacker selects a particular vulnerability type. To add special instructions, click the 'Edit' link next to the appropriate vulnerability type, then enter the instructions in the window. Vulnerability types can be Shown (with or without special instructions), Hidden, or Disabled (displayed with an explanatory message but not selectable). Once the instructions are saved, they appear on the report submission form as a yellow message when that vulnerability type is selected.


2. Set Up Triggers

Your program can also set up Triggers ("if this, then that" actions) that either create a pop-up warning about the report prior to submission or automatically change the report state to "Needs more info." To do so, navigate to program Settings > Triggers and click Add new Trigger.

Set your criteria, then choose an action to be triggered. Show Interstitial requires the hacker to read your message, then choose whether or not to submit the report.

Change State, by contrast, allows the hacker to submit the report, but automatically changes the state to Needs more info (-1 Reputation) and puts your comment on the report.


3. Update Your Policy

You can include exclusions for known behavior within your policy on your main Security Page. To edit your Security Page and policy, go to program Settings > Information.


4. HackerOne Managed

If you would prefer to have assistance with triage and managing report volume, you always have the option of adding extra support to your program through HackerOne Managed.
