Commit 1911d6e

added retesting to report states
1 parent 5e1894b commit 1911d6e

2 files changed

+5
-3
lines changed

docs/hackers/report-states.md

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ State | Detail
1515
Pre-submission | This report state is only applicable when Human-Augmented Signal is enabled for the program. The report starts in the pre-submission state when it has been flagged as potentially invalid. A HackerOne security analyst will first review the report before it's sent to the program.
1616
New | The report is in an unread state.
1717
Triaged | The report is evaluated but hasn't been resolved. It is in the state of being fixed.
18+
Retesting | The vulnerability is in the process of being [retested](retesting.html).
1819
Needs More Info | More information is needed from the hacker about the vulnerability. Reports that are in the *Needs More Info* state for more than 30 days will automatically close and won't have a negative impact on the hacker's reputation.
1920

2021
There are impacts to hacker reputation when the program changes the report state. Reputation isn't impacted when the hacker changes the report state themselves. They can self-close a report until it's marked as triaged.
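Review bot: The added Retesting row (new line 18) does not say who moves a report into this state or how it differs from Triaged, whose detail already reads "It is in the state of being fixed." The paragraph at new line 21 still says the hacker "can self-close a report until it's marked as triaged", which leaves it unclear whether a report in Retesting can be self-closed and whether entering Retesting affects reputation. Suggest extending the row's detail with one clause on who triggers the retest, and updating that paragraph so it covers the new state.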
@@ -27,8 +28,8 @@ These are the Closed report states:
2728

2829
State | Detail | Change to Hacker Reputation
2930
----- | ------ | ----------------------------
30-
Resolved | The report is valid and no further dialogue with the hacker is needed. | Increase +7
31+
Resolved | The report is valid and no further dialogue with the hacker is needed. | Increase +7
3132
Informative | The report contains useful information but doesn't warrant an immediate action or a fix. A program can consider providing an alternative risk assessment or other mitigating factors, and public disclosure is available with mutual agreement. | No change
3233
Duplicate | This issue has already been reported. Programs can build trust by attributing the issue to its original discoverer and linking it to a previous report or including other details about its discovery. Public disclosure isn't available for this state. <br><br>*Note: If a hacker files a duplicate of a public report, their reputation will go down.* | If the hacker submits the original report:<br>*Resolved*: +2<br><br><br>*Not Applicable*: -5<br><br>*Informative*: 0
33-
Not Applicable | The report doesn't contain a valid issue and has no security implications. Security teams should describe why the report was invalid, so the hacker can improve their hacking skills. | Decrease -5
34-
Spam | The report is invalid because the hacker didn't describe a legitimate security vulnerability. You should notify HackerOne so additional restrictions can be applied to the hacker. | Decrease -10
34+
Not Applicable | The report doesn't contain a valid issue and has no security implications. Security teams should describe why the report was invalid, so the hacker can improve their hacking skills. | Decrease -5
35+
Spam | The report is invalid because the hacker didn't describe a legitimate security vulnerability. You should notify HackerOne so additional restrictions can be applied to the hacker. | Decrease -10
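Review bot: The removed and added Resolved, Not Applicable and Spam rows (old lines 30, 33, 34; new lines 31, 34, 35) read identically, so these appear to be whitespace-only edits that are unrelated to the stated purpose of the commit, "added retesting to report states". Drop them from this commit or mention the whitespace cleanup in the commit message, so that a reader of the history does not assume the reputation values (+7, -5, -10) were changed here.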

docs/programs/report-states.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,7 @@ State | Details
1515
Pre-submission | This report state is only applicable when Human-Augmented Signal is enabled for the program. The report starts in the pre-submission state when it has been flagged as potentially invalid. A HackerOne security analyst will first review the report before it's sent to the program.
1616
New | The report is in an unread state.
1717
Triaged | The report is evaluated but hasn't been resolved. It's in the state of being fixed.
18+
Retesting | The vulnerability is in the process of being [retested](retesting.html).
1819
Needs More Info | More information is needed from the hacker about the vulnerability. Reports that are in the *Needs More Info* state for more than 30 days will automatically close and won't have a negative impact on the hacker's reputation.
1920

2021
There are impacts to hacker reputation when the program changes the report state. Reputation isn't impacted when the hacker changes the report state themselves. They can self-close a report until it's marked as triaged.
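Review bot: The link in the added Retesting row (new line 18) is the relative target `retesting.html`, the same as in docs/hackers/report-states.md, so from this file it resolves under docs/programs/. Confirm that a retesting page exists in both directories, or point both rows at a single path. Since the row is a verbatim copy of the hacker-facing text, consider also stating what the program is expected to do while a report is in Retesting.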
