Your Security Page contains key information about your program and your security disclosure policy. The Security Page sets expectations for hackers you invite to your bounty program and it also outlines your:
Policy for in-scope eligibility
Bounty reward structure
Completing the Security Page
To edit your Security Page, go to Engagements > Settings > Program.
A complete security page includes the following:
It's important to keep your security page up-to-date so hackers always know the important details about your program. Check out the security pages for Yahoo!, Twitter, and Dropbox for reference.
Claiming the Security Page
Unless a security page is claimed, the page is curated by the HackerOne community. An organization can claim their security page in order to:
Take editorial control of their disclosure policy
Self-update their information
Own their policy messaging
You don't have to be a HackerOne customer in order to claim a Security Page, though signing up for a free HackerOne account is necessary.
To claim a security page:
Find an unclaimed security page in the directory.
Click the Claim this page link.
A HackerOne staff will either approve or reject your claim request. If your request is approved, you'll be given editing rights to the entire page.
HackerOne reviews each claim submission for validity before granting the claim. A security page can only be claimed once. Once you claim your security page, the community can no longer edit it.
Suggesting Edits to the Security Page
You can suggest edits to any unclaimed security page by clicking on the Suggest edits link. A HackerOne staff will review your changes and approve them if they are valid.