You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Noise from invalid or low-impact reports creates a burden for programs and reduces the time that can be spent on reports that matter. With Human-Augmented Signal, analysts from HackerOne review reports flagged with a high noise probability by utilizing various criteria to classify all incoming reports automatically. This best-effort human review reduces the risk of false positives. Any report dismissed by HackerOne analysts will appear in your inbox as *Not Applicable* but will not generate a notification. While eliminating all noise is improbable, Human-Augmented Signal aids in helping to provide a 90%+ signal experience for all programs.
7
7
8
8
### How It Works
9
-
1. HackerOne's machine learning technology identifies reports that have a high chance of being invalid.
10
-
2. Reports that are flagged are reviewed by a HackerOne Security Analyst. The analyst looks at these factors to determine whether a report requires review:
9
+
1. HackerOne's machine learning technology identifies reports that have a high chance of being invalid.
10
+
2. Reports that are flagged are reviewed by a HackerOne Security Analyst. The analyst looks at these factors to determine whether a report requires review:
11
11
* Does the hacker meet the signal requirements of the program?
12
12
* Did the hacker select a weakness?
13
13
* Does the report contain abusive language?
14
14
* Does the report match earlier reported issues?
15
15
3. If a report is determined to be invalid, it'll be closed as **Not Applicable**.
16
16
17
-
HackerOne's systems are constantly improving to detect and eliminate noise across the platform. Don't hesitate to [reach out]([email protected]) if you have feedback on the common noise you see in your program.
17
+
HackerOne's systems are constantly improving to detect and eliminate noise across the platform. Don't hesitate to [reach out]([email protected]) if you have feedback on the common noise you see in your program.
18
18
19
19
### Can HackerOne View all of my Reports
20
20
No. By enabling this feature, you grant authorized HackerOne staff members temporary access to only flagged reports for the sole purpose of providing this service. Our Human-Augmented Signal services are governed by the same [Terms & Conditions](https://www.hackerone.com/terms) you have with HackerOne.
21
21
22
22
### How Do I Enable It?
23
23
To enable Human-Augmented Signal:
24
-
1. Go to your program's **Settings > Program > Signal**.
25
-
2. Select **Enabled**.
24
+
1. Go to your program's **Settings > Program > Submission**.
A hacker's reputation measures how likely their finding is to be immediately relevant and actionable. Signal is the average reputation hackers receive per report. The higher a hacker's signal is, the more reputable their report will be.
7
+
A hacker's reputation measures how likely their finding is to be immediately relevant and actionable. Signal is the average reputation hackers receive per report. The higher a hacker's signal is, the more reputable their report will be.
8
8
9
-
Signal Requirements enable a program to set a Signal threshold that hackers must reach in order to submit reports to the program. If a hacker falls below the threshold, they will have a restricted number of reports they can submit to your program. This will improve the quality of reports programs can expect to receive from hackers.
9
+
Signal Requirements enable a program to set a Signal threshold that hackers must reach in order to submit reports to the program. If a hacker falls below the threshold, they will have a restricted number of reports they can submit to your program. This will improve the quality of reports programs can expect to receive from hackers.
10
10
11
11
To enable Signal Requirements:
12
-
1. Go to **Settings > Program > Signal**.
13
-
2. Choose from 1 of these 4 options in the **Signal Requirements** section:
12
+
1. Go to **Settings > Program > Submission**.
13
+
2. Choose from 1 of these 4 options in the **Signal Requirements** section:
14
14
15
15
Option | Detail
16
16
------ | ------
17
17
Strict (≥ 1.0 Signal) | Hackers with a proven record are unrestricted, while hackers who don't meet this requirement will have a limited number of allowed submissions to your program. A strict setting makes sense for teams that prefer fewer, higher quality reports or that can only handle a smaller flow of reports as it most tightly limits hacker participation based on high Signal. This is the recommended setting for new programs.
18
-
Standard (≥ 0.0 Signal) | The recommended setting for most programs.
19
-
Lenient (≥ -1.0 Signal) | Recommended for experienced programs that want to maximize the number of hackers that'll help find vulnerabilities.
20
-
Turn off Signal Requirements | Any hacker with any level of Signal will be able to submit reports to your program. Recommended for veteran programs only.
18
+
Standard (≥ 0.0 Signal) | The recommended setting for most programs.
19
+
Lenient (≥ -1.0 Signal) | Recommended for experienced programs that want to maximize the number of hackers that'll help find vulnerabilities.
20
+
Turn off Signal Requirements | Any hacker with any level of Signal will be able to submit reports to your program. Recommended for veteran programs only.
21
21
22
22
*Note: Turning Signal Requirements down or off is better for teams that value having the maximum number of hackers to help find issues.*
23
23
24
24
When hackers don't meet the Signal Requirement:
25
25
* They can submit a capped number of important vulnerability reports.
26
-
* The number of reports they can submit will be capped based on their Signal.
26
+
* The number of reports they can submit will be capped based on their Signal.
27
27
* The number of capped reports they can submit resets every 30 days.
28
28
29
-
There is a program limit for capped reports and a total platform limit for reports sent to programs by these hackers. This provides all hackers with the opportunity to participate in a program, even if their Signal doesn't meet the program requirements.
29
+
There is a program limit for capped reports and a total platform limit for reports sent to programs by these hackers. This provides all hackers with the opportunity to participate in a program, even if their Signal doesn't meet the program requirements.
The Submission page enables you to set specific requirements for hackers to submit reports to your program. You can require hackers to meet certain [signal requirements](signal-requirements.html) and set up two-factor authentication.
8
+
9
+
### Requiring Two-Factor Authentication
10
+
To require hackers to have two-factor authentication enabled before submitting reports to your program:
11
+
1. Go to <b>Settings > Program > Submission</b>.
12
+
2. Go to the section on requiring hackers to have 2FA.
13
+
3. Click the button so that it's set to <b>Yes</b>.
14
+
15
+
16
+
17
+
Hackers that have already submitted past reports before 2FA was required will still be able to access and comment on those reports. They, however, won't be able to submit any new reports to your program without enabling 2FA.
0 commit comments