You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<i>This feature is in Private Beta and is not yet available to everyone. Let us know at https://goo.gl/forms/m944WLInuBeAZrOm1 to join the waitlist!</i>
8
-
9
7
HackerOne provides the ability for hackers to publish their findings from external sources, not just HackerOne programs. As sharing knowledge is key toward advancing our collective ability to improve security, sharing what you’ve learned and discovered is one small way to give back to the community.
10
8
11
9
### Requirements for Publishing an External Vulnerability
@@ -24,14 +22,12 @@ By publishing vulnerabilities to HackerOne, you acknowledge that you’ve met al
24
22
25
23
### Publishing a Vulnerability on HackerOne
26
24
Once you’ve met all of the requirements above, you’re ready to publish your vulnerability. To publish an external vulnerability on HackerOne:
27
-
1. Go to the Directory.
28
-
2. Find the organization you want to publish a vulnerability for. You can refine your search results by entering `type:external [name of organization]`.
29
-
3. Select the organization.
30
-
4. Click the green <b>Publish a Vulnerability</b> button.
31
-
5. Fill out the <b>Publish a Vulnerability</b> report form.
32
-
6. Click <b>Publish Vulnerability</b>.
33
-
7. <i>(Optional)</i> Add a summary to your report. You can always come back and edit the summary.
34
-
8. <i>(Optional)</i> Add a severity rating for the vulnerability.
25
+
1. Go to [Hacktivity](https://hackerone.com/hacktivity).
26
+
2. Click the green <b>Publish a Vulnerability</b> button.
27
+
3. Enter the program you reported the vulnerability to and select it from the populated list.<i>Note: This field searches all known disclosure programs from the [Directory](https://hackerone.com/directory).</i><ul><li>If the program doesn't populate in the list, manually enter the entire program name.</li><li>To publish without disclosing the organization, enter `redact` to select the Redacted program.</li></ul>
28
+
4. Fill out the rest of the <b>Publish a Vulnerability</b> report form.
29
+
5. Click <b>Publish Vulnerability</b>.
30
+
6. <i>(Optional)</i> Add a severity rating for the vulnerability.
35
31
36
32
The report will publish onto the <b>New</b> page of Hacktivity and have a <b>Published</b> icon on it to distinguish it from other reports. Users can upvote your report in Hacktivity, and the report will also display on your hacker profile.
37
33
@@ -40,9 +36,7 @@ The report will publish onto the <b>New</b> page of Hacktivity and have a <b>Pub
40
36
### Publishing Without Disclosing the Organization
41
37
It may take some time for external organizations to get back to you about publishing the vulnerability you found, or they may not get back to you at all. In these cases, we enable you to publish your vulnerability to Hacktivity without naming the organization.
42
38
43
-
To publish without disclosing the organization:
44
-
1. Go to https://hackerone.com/redact.
45
-
2. Follow steps 4-8 in the section above.
39
+
To publish without disclosing the organization, when selecting the program in step 3 of the section above, type `redact` to select the Redacted program.
46
40
47
41
All mentions of the organization and assets will be redacted when it’s published onto the <b>New</b> page of Hacktivity.
0 commit comments