id: "hackers/disclosure"

Disclosure enables programs to be transparent about the security vulnerabilities found for their program. HackerOne's disclosure process balances transparency with control over what information is shared.

Programs can choose from 3 disclosure settings:

Disclosure requiring Mutual Agreement | You can request disclosure for any closed report in the program. If the program security team agrees to disclosure, the contents of the report will be made public. If the security team doesn't take any action, the contents of the report will remain private. <br><br>*The program must request to opt-in to this option.*

Disclosure Disabled | Disclosure isn't allowed for any report.

Both you and program members can request for disclosure. To request for disclosure:

1. Go to the report you want to disclose.

2. Make sure the report is closed.

When publishing reports, the security team can choose to disclose the report in full or limit the information published. The default is to display all the communication between the hacker and the security team from first report to resolution.

You can cancel your disclosure request if you later decide to not disclose your report. You can also cancel disclosure requests from a program asking you for disclosure.

To cancel a disclosure request:

3. Enter a comment explaining why you are canceling the disclosure request.

4. Click **Post**.

Private programs can also enable you to disclose a report to other hackers within the program. Upon disclosure, contents of the report will only be visible to other hackers in the private program. This enables you and other hackers to share your vulnerability findings with other hackers in the program so that they can be aware of what vulnerabilities have been found for that program.

You can request for disclosure in the private program you're a part of by following the same steps in the Requesting Disclosure section above.