You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/hackers/hacker-mediation.md
+9-8Lines changed: 9 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -8,17 +8,16 @@ id: "hackers/hacker-mediation"
8
8
Hackers can request assistance from HackerOne in cases when discussions with the program have been attempted and there has been no satisfactory resolution. Vice versa, programs can also request mediation when the Code of Conduct has been violated.
9
9
10
10
Hacker Mediation can be requested for the following reasons:
11
-
12
-
A program's decision is inconsistent with broad industry standards.
13
-
A program does not honor a commitment made on their Security Page.
14
-
A program promises to reply within a certain time period on their Security Page but fails to do so.
15
-
A program claims a domain is in scope on their Security Page, then makes a last-minute change to pull it out of scope based on your report.
16
-
A program clearly outlines a vulnerability in a particular domain as being worth a minimum bounty, but then awards less than that amount or no bounty at all without explanation.
17
-
Etc.
18
-
11
+
* A program's decision is inconsistent with broad industry standards.
12
+
* A program does not honor a commitment made on their Security Page.
13
+
* A program promises to reply within a certain time period on their Security Page but fails to do so.
14
+
* A program claims a domain is in scope on their Security Page, then makes a last-minute change to pull it out of scope based on your report.
15
+
* A program clearly outlines a vulnerability in a particular domain as being worth a minimum bounty, but then awards less than that amount or no bounty at all without explanation.
16
+
* Etc.
19
17
20
18
Hacker mediation is used to raise concerns about reports to security teams and facilitate discussions between hackers and customers to enable a more favorable outcome for everyone involved. Please keep in mind that if a program is not managed or triaged by HackerOne, then the time to fully resolve the mediation might take longer than usual.
21
19
20
+
22
21
### Requesting Hacker Mediation
23
22
To request mediation:
24
23
@@ -40,6 +39,7 @@ In most cases, HackerOne will not be able to mediate for reports that have been
40
39
41
40
Finally, keep in mind that HackerOne is no longer able to add external researchers to original report submissions due to security and privacy concerns related to doing so.
42
41
42
+
43
43
### Hacker Mediation Triggers
44
44
Requesting hacker mediation triggers the following actions:
45
45
@@ -60,5 +60,6 @@ Two-factor authentication resets | Unresponsiveness (e.g.: The triage team or th
60
60
Account deletion |
61
61
General questions |
62
62
63
+
63
64
**The Make It Right Fund**
64
65
There may be cases where HackerOne may believe a hacker’s submission has been handled incorrectly. We want to make sure hackers are awarded for their efforts in such cases. After extensive backend reviews are completed of the specific report, the hacker may be considered for a discretionary correction from the HackerOne Make It Right Fund. Please keep in mind that not every report is eligible for Make It Right and the decision to recommend or consider a Make It Right award belongs to HackerOne. Usage of Make It Right may be noted in the report’s record for transparency.
0 commit comments