Programs can request assistance from HackerOne in cases when all normal discussions with the hacker have been attempted and there has been no satisfactory resolution. Vice versa, hackers can also request mediation when programs do not honor commitments made on their policy page. More on reasons why a hacker may request mediation here.
Hacker mediation requests commonly occur when a hacker's behavior is out of sync with what is outlined on your Security Page/Program Policy or has violated the Code of Conduct.
Some examples may include:
A HackerOne hacker used inappropriate language in communication on a report.
A HackerOne hacker communicates with your team outside of HackerOne such as through personal emails, social media accounts, or other private connections.
A HackerOne hacker has tested out of scope.
A HackerOne hacker disclosed report information without your consent
Requesting Mediation Assistance
There are a couple of ways to request mediation:
If applicable, contact your CSM
Request mediation independently
Open the report you'd like to request HackerOne mediation support for.
Scroll to the bottom of the report.
Click Report abuse.
Select Request mediation. This will trigger a workflow for the Mediation Team to reach out to both you and the relevant hacker.
When a program requests mediation, the steps taken include:
Reviewing the specific concern reported
Reviewing relevant report(s)
Reviewing hacker history
Making an informed decision as to whether or not something falls under the Code of Conduct
Determining appropriate actions to take based on the ban matrix in our Code of Conduct and based on Code of Conduct history
Mediation will keep requesters of Mediations in the loop about any actions proposed and taken (in program mediations this is the CSM).
As a reminder, HackerOne won't be able to mediate for reports that have been closed for over 3 months. Please respect the guidelines above and only request mediation if it's deemed absolutely necessary.