diff --git a/docs/hackers/images/publish-vulnerability-1.png b/docs/hackers/images/publish-vulnerability-1.png new file mode 100644 index 00000000000..e8832af6d7b Binary files /dev/null and b/docs/hackers/images/publish-vulnerability-1.png differ diff --git a/docs/hackers/publishing-external-vulnerabilities.md b/docs/hackers/publishing-external-vulnerabilities.md index ff9c10ad843..4285302a0f3 100644 --- a/docs/hackers/publishing-external-vulnerabilities.md +++ b/docs/hackers/publishing-external-vulnerabilities.md @@ -4,8 +4,6 @@ path: "/hackers/publishing-external-vulnerabilities.html" id: "hackers/publishing-external-vulnerabilities" --- -This feature is in Private Beta and is not yet available to everyone. Let us know at https://goo.gl/forms/m944WLInuBeAZrOm1 to join the waitlist! - HackerOne provides the ability for hackers to publish their findings from external sources, not just HackerOne programs. As sharing knowledge is key toward advancing our collective ability to improve security, sharing what you’ve learned and discovered is one small way to give back to the community. ### Requirements for Publishing an External Vulnerability @@ -24,14 +22,15 @@ By publishing vulnerabilities to HackerOne, you acknowledge that you’ve met al ### Publishing a Vulnerability on HackerOne Once you’ve met all of the requirements above, you’re ready to publish your vulnerability. To publish an external vulnerability on HackerOne: -1. Go to the Directory. -2. Find the organization you want to publish a vulnerability for. You can refine your search results by entering `type:external [name of organization]`. -3. Select the organization. -4. Click the green Publish a Vulnerability button. -5. Fill out the Publish a Vulnerability report form. -6. Click Publish Vulnerability. -7. (Optional) Add a summary to your report. You can always come back and edit the summary. -8. (Optional) Add a severity rating for the vulnerability. +1. Go to [Hacktivity](https://hackerone.com/hacktivity). +2. Click the blue Publish button. + +![publish-vulernability-1](./images/publish-vulnerability-1.png) + +3. Enter the program you reported the vulnerability to and select it from the populated list. Note: This field searches all known disclosure programs from the [Directory](https://hackerone.com/directory). +4. Fill out the rest of the Publish a Vulnerability report form. +5. Click Publish Vulnerability. +6. (Optional) Add a severity rating for the vulnerability. The report will publish onto the New page of Hacktivity and have a Published icon on it to distinguish it from other reports. Users can upvote your report in Hacktivity, and the report will also display on your hacker profile. @@ -40,9 +39,7 @@ The report will publish onto the New page of Hacktivity and have a Pub ### Publishing Without Disclosing the Organization It may take some time for external organizations to get back to you about publishing the vulnerability you found, or they may not get back to you at all. In these cases, we enable you to publish your vulnerability to Hacktivity without naming the organization. -To publish without disclosing the organization: -1. Go to https://hackerone.com/redact. -2. Follow steps 4-8 in the section above. +To publish without disclosing the organization, when selecting the program in step 3 of the section above, type `redact` to select the Redacted program. All mentions of the organization and assets will be redacted when it’s published onto the New page of Hacktivity.