Skip to main content
All CollectionsHacker Engagement
Program Mediation & Code of Conduct Review Requests
Program Mediation & Code of Conduct Review Requests

Organizations: Request assistance from HackerOne

Updated over a week ago

Programs can request assistance from HackerOne in cases when all normal discussions with the hacker have been attempted and there has been no satisfactory resolution. Vice versa, hackers can also request mediation when programs do not honor commitments made on their policy page. Learn more on reasons why a hacker may request mediation here.

Hacker mediation requests commonly occur when a hacker's behavior is out of sync with what is outlined on your Security Page/Program Policy or has violated the Code of Conduct.

Some examples may include:

  • A HackerOne hacker used inappropriate language in communication on a report.

  • A HackerOne hacker communicates with your team outside of HackerOne such as through personal emails, social media accounts, or other private connections.

  • A HackerOne hacker has tested out of scope.

  • A HackerOne hacker disclosed report information without your consent

Requesting Mediation Assistance

There are a couple of ways to request mediation:

  1. If applicable, contact your CSM

  2. Request mediation independently

    • Open the report you'd like to request HackerOne mediation support for.

    • Scroll to the bottom of the report.

    • Click Report abuse.

    • Select Request mediation. This will trigger a workflow for the Mediation Team to reach out to both you and the relevant hacker.

requesting mediation on a report

Mediation Triggers

When a program requests mediation, the steps taken include:

  • Reviewing the specific concern reported

  • Reviewing relevant report(s)

  • Reviewing hacker history

  • Making an informed decision as to whether or not something falls under the Code of Conduct

  • Determining appropriate actions to take based on the ban matrix in our Code of Conduct and based on Code of Conduct history

Note: Mediation uses a certain amount of discretion to encourage good behavior by hackers on the platform.

Example: A new hacker on the platform who uses borderline unprofessional language may receive a discretionary educational message (FYI) rather than a Warning.

Mediation will keep requesters of Mediations in the loop about any actions proposed and taken (in program mediations this is the CSM).

As a reminder, HackerOne won't be able to mediate for reports that have been closed for over 3 months. Please respect the guidelines above and only request mediation if it's deemed absolutely necessary.

Mediation in Reports

In the Inbox, users can see mediation status information directly within the report. The top right corner provides details such as current status, type, sub-type, requester (customer or hacker), request date, and a direct link to the ticket in Freshdesk.

Did this answer your question?