You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: docs/programs/security-page.md
+14-11Lines changed: 14 additions & 11 deletions
Original file line number
Diff line number
Diff line change
@@ -7,9 +7,12 @@ The Security Page contains key information about your program and your security
7
7
* Disclosure policy
8
8
* Bug eligibility
9
9
* Policy for in-scope eligibility
10
+
* Bounty reward structure
11
+
12
+
10
13
11
14
### Completing the Security Page
12
-
To edit your Security Page, go to **Settings > General > Information**.
15
+
To edit your Security Page, go to **Settings > General > Information**.
13
16
14
17
A complete security page includes the following:
15
18
* Logo
@@ -32,22 +35,22 @@ Unless a security page is claimed, the page is curated by the HackerOne communit
32
35
You don't have to be a HackerOne customer in order to claim a Security Page, though signing up for a free HackerOne account is necessary.
33
36
34
37
To claim a security page:
35
-
1. Find an unclaimed security page in the directory.
36
-
37
-
<i>Note: Unclaimed pages have the **Claim this page** and the **Suggest edits** link.</i>
38
-
38
+
1. Find an unclaimed security page in the directory.
39
+
40
+
<i>Note: Unclaimed pages have the **Claim this page** and the **Suggest edits** link.</i>
41
+
39
42
40
-
41
-
<i>Claimed pages don't have the link available.</i>
42
-
43
+
44
+
<i>Claimed pages don't have the link available.</i>
45
+
43
46
44
47
45
-
2. Click the **Claim this page** link.
48
+
2. Click the **Claim this page** link.
46
49
3. A HackerOne staff will either approve or reject your claim request. If your request is approved, you'll be given editing rights to the entire page.
47
50
48
51
HackerOne reviews each claim submission for validity before granting the claim. A security page can only be claimed once. Once you claim your security page, the community can no longer edit it.
49
52
50
-
*Note: Hackers looking to claim a page need to be above a certain reputation threshold to be given direct editing rights. If they don't have rights, they can suggest changes which will get reviewed and approved by HackerOne staff.*
53
+
*Note: Hackers looking to claim a page need to be above a certain reputation threshold to be given direct editing rights. If they don't have rights, they can suggest changes which will get reviewed and approved by HackerOne staff.*
51
54
52
55
### Suggesting Edits on the Security Page
53
-
You can suggest edits to any unclaimed security page by clicking on the **Suggest edits** link. A HackerOne staff will review your changes and approve them if they are valid.
56
+
You can suggest edits to any unclaimed security page by clicking on the **Suggest edits** link. A HackerOne staff will review your changes and approve them if they are valid.
Your Security Page can list the top 5 hackers (ranked by reputation) that disclosed vulnerabilities to your program.
8
+
9
+
10
+
11
+
Hackers that earn reputation for a resolved report are automatically recognized and given Thanks on your program. Users viewing the Top Hackers section on your security page can click on <b>All Hackers</b> to be directed to your <b>Thanks</b> page.
12
+
13
+
### Program Thanks Page
14
+
The Thanks page shows all hackers that have submitted a resolved report to your program. It’s a continued list from the <b>Top hackers</b> list on your Security Page. Giving Thanks to hackers happens automatically for every report where reputation is earned. All hackers will receive Thanks when their report is resolved.
15
+
16
+
17
+
18
+
### Hacker Thanks Page
19
+
Hackers also have their own Thanks page on their profile where all of the companies they’ve submitted valid reports to are listed. The programs are listed by the hacker’s reputation for each program. The Thanks page is automatically updated after a report is resolved and reputation is gained.
0 commit comments