From 50df2695409a707e0aa33fe6bf38fc1967925dcc Mon Sep 17 00:00:00 2001 From: stacyspiva <36056941+stacyspiva@users.noreply.github.com> Date: Wed, 22 Aug 2018 12:38:08 -0700 Subject: [PATCH 1/4] updated publish vulnerabilities with new workflow Don't merge until global launch --- .../publishing-external-vulnerabilities.md | 20 +++++++------------ 1 file changed, 7 insertions(+), 13 deletions(-) diff --git a/docs/hackers/publishing-external-vulnerabilities.md b/docs/hackers/publishing-external-vulnerabilities.md index ff9c10ad843..ebbbc870195 100644 --- a/docs/hackers/publishing-external-vulnerabilities.md +++ b/docs/hackers/publishing-external-vulnerabilities.md @@ -4,8 +4,6 @@ path: "/hackers/publishing-external-vulnerabilities.html" id: "hackers/publishing-external-vulnerabilities" --- -This feature is in Private Beta and is not yet available to everyone. Let us know at https://goo.gl/forms/m944WLInuBeAZrOm1 to join the waitlist! - HackerOne provides the ability for hackers to publish their findings from external sources, not just HackerOne programs. As sharing knowledge is key toward advancing our collective ability to improve security, sharing what you’ve learned and discovered is one small way to give back to the community. ### Requirements for Publishing an External Vulnerability 
@@ -24,14 +22,12 @@ By publishing vulnerabilities to HackerOne, you acknowledge that you’ve met al ### Publishing a Vulnerability on HackerOne Once you’ve met all of the requirements above, you’re ready to publish your vulnerability. To publish an external vulnerability on HackerOne: -1. Go to the Directory. -2. Find the organization you want to publish a vulnerability for. You can refine your search results by entering `type:external [name of organization]`. -3. Select the organization. -4. Click the green Publish a Vulnerability button. -5. Fill out the Publish a Vulnerability report form. -6. Click Publish Vulnerability. -7. (Optional) Add a summary to your report. You can always come back and edit the summary. -8. (Optional) Add a severity rating for the vulnerability. +1. Go to [Hacktivity](https://hackerone.com/hacktivity). +2. Click the green Publish a Vulnerability button. +3. Enter the program you reported the vulnerability to and select it from the populated list.Note: This field searches all known disclosure programs from the [Directory](https://hackerone.com/directory). +4. Fill out the rest of the Publish a Vulnerability report form. +5. Click Publish Vulnerability. +6. (Optional) Add a severity rating for the vulnerability. The report will publish onto the New page of Hacktivity and have a Published icon on it to distinguish it from other reports. Users can upvote your report in Hacktivity, and the report will also display on your hacker profile. 
@@ -40,9 +36,7 @@ The report will publish onto the New page of Hacktivity and have a Pub ### Publishing Without Disclosing the Organization It may take some time for external organizations to get back to you about publishing the vulnerability you found, or they may not get back to you at all. In these cases, we enable you to publish your vulnerability to Hacktivity without naming the organization. -To publish without disclosing the organization: -1. Go to https://hackerone.com/redact. -2. Follow steps 4-8 in the section above. +To publish without disclosing the organization, when selecting the program in step 3 of the section above, type `redact` to select the Redacted program. All mentions of the organization and assets will be redacted when it’s published onto the New page of Hacktivity. From 3eeb27d9a796890182bee31fb2440cd12f8b711a Mon Sep 17 00:00:00 2001 From: stacyspiva <36056941+stacyspiva@users.noreply.github.com> Date: Fri, 24 Aug 2018 13:48:27 -0700 Subject: [PATCH 2/4] Update publishing-external-vulnerabilities.md --- docs/hackers/publishing-external-vulnerabilities.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/hackers/publishing-external-vulnerabilities.md b/docs/hackers/publishing-external-vulnerabilities.md index ebbbc870195..405414bd00b 100644 --- a/docs/hackers/publishing-external-vulnerabilities.md +++ b/docs/hackers/publishing-external-vulnerabilities.md 
@@ -23,7 +23,7 @@ By publishing vulnerabilities to HackerOne, you acknowledge that you’ve met al ### Publishing a Vulnerability on HackerOne Once you’ve met all of the requirements above, you’re ready to publish your vulnerability. To publish an external vulnerability on HackerOne: 1. Go to [Hacktivity](https://hackerone.com/hacktivity). -2. Click the green Publish a Vulnerability button. +2. Click the blue Publish button. 3. Enter the program you reported the vulnerability to and select it from the populated list.Note: This field searches all known disclosure programs from the [Directory](https://hackerone.com/directory). 4. Fill out the rest of the Publish a Vulnerability report form. 5. Click Publish Vulnerability. From b313e2b6c4e054550ee48f0a6f83490c59ef4c9f Mon Sep 17 00:00:00 2001 From: stacyspiva <36056941+stacyspiva@users.noreply.github.com> Date: Fri, 24 Aug 2018 13:56:56 -0700 Subject: [PATCH 3/4] Add files via upload --- docs/hackers/images/publish-vulnerability-1.png | Bin 0 -> 11393 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 docs/hackers/images/publish-vulnerability-1.png 
diff --git a/docs/hackers/images/publish-vulnerability-1.png b/docs/hackers/images/publish-vulnerability-1.png new file mode 100644 index 0000000000000000000000000000000000000000..e8832af6d7b77df9d2fa40c42ef95d80e9ac6524 GIT binary patch literal 11393 literal 0 HcmV?d00001 From d6c648d77a6d05a171471439f7dc0fe024c31564 Mon Sep 17 00:00:00 2001
From: stacyspiva <36056941+stacyspiva@users.noreply.github.com> Date: Fri, 24 Aug 2018 13:58:08 -0700 Subject: [PATCH 4/4] Update publishing-external-vulnerabilities.md --- docs/hackers/publishing-external-vulnerabilities.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/docs/hackers/publishing-external-vulnerabilities.md b/docs/hackers/publishing-external-vulnerabilities.md index 405414bd00b..4285302a0f3 100644 --- a/docs/hackers/publishing-external-vulnerabilities.md +++ b/docs/hackers/publishing-external-vulnerabilities.md @@ -24,7 +24,10 @@ By publishing vulnerabilities to HackerOne, you acknowledge that you’ve met al Once you’ve met all of the requirements above, you’re ready to publish your vulnerability. To publish an external vulnerability on HackerOne: 1. Go to [Hacktivity](https://hackerone.com/hacktivity). 2. Click the blue Publish button. -3. Enter the program you reported the vulnerability to and select it from the populated list.Note: This field searches all known disclosure programs from the [Directory](https://hackerone.com/directory).
  • If the program doesn't populate in the list, manually enter the entire program name.
  • To publish without disclosing the organization, enter `redact` to select the Redacted program.
+ +![publish-vulernability-1](./images/publish-vulnerability-1.png) + +3. Enter the program you reported the vulnerability to and select it from the populated list. Note: This field searches all known disclosure programs from the [Directory](https://hackerone.com/directory).
  • If the program doesn't populate in the list, manually enter the entire program name.
  • To publish without disclosing the organization, enter `redact` to select the Redacted program.
4. Fill out the rest of the Publish a Vulnerability report form. 5. Click Publish Vulnerability. 6. (Optional) Add a severity rating for the vulnerability.
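Review bot: In PATCH 1/4, hunk `@@ -24,14 +22,12 @@`, new step 3 runs two sentences together ("populated list.Note:") and the old optional step "Add a summary to your report" is dropped with no replacement. Add the missing space here rather than in a follow-up (PATCH 4/4 fixes it later, so the two could be squashed), and either keep the summary step or state in the commit message that the new workflow no longer offers it. The removed `type:external [name of organization]` search hint also has no equivalent in the new steps; if the program field only matches on name, say so in the note.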
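Review bot: In PATCH 1/4, hunk `@@ -40,9 +36,7 @@`, the rewritten sentence refers to "step 3 of the section above" by number, which goes stale silently the next time the list is renumbered; refer to the step by what it does (selecting the program) instead. Because withholding the organization's name is the whole purpose of this section, add a sentence telling the reader to confirm that the Redacted program is the one selected before clicking Publish Vulnerability. The hunk also drops the https://hackerone.com/redact link without saying whether that URL is retired.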
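Review bot: In PATCH 2/4, hunk `@@ -23,7 +23,7 @@`, step 2 now names a blue "Publish" button, but the unchanged steps 4 and 5 in the same hunk still say "Publish a Vulnerability report form" and "Click Publish Vulnerability". Check those two labels against the new UI and update them in this commit if they changed, so the steps do not mix old and new names. The subject "Update publishing-external-vulnerabilities.md" should say what was updated, for example that the button label and color changed.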
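Review bot: In PATCH 4/4, hunk `@@ -24,7 +24,10 @@`, the image alt text is misspelled ("publish-vulernability-1") and is a file name rather than a description; use text that says what the screenshot shows, such as the Publish button on Hacktivity. The image is added at column 0 with blank lines around it between steps 2 and 3, which ends the ordered list in Markdown, so step 3 starts a second list; indent the image line under step 2 to keep steps 1 to 6 in one list. The `redact` instruction now appears both in step 3 and in the "Publishing Without Disclosing the Organization" section changed in PATCH 1/4, so keep the detail in one place and have the other point to it.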