Once your program launches publicly, the entire hacker community can submit vulnerability reports to it. Though launching publicly is a huge accomplishment, it also makes your program more susceptible to noise from invalid or low-impact reports. Such reports make it difficult to maintain a healthy program with healthy response times, because time is spent filtering through these low-priority reports.
To help you and your program become more successful, HackerOne has implemented features that reduce noise from low-impact reports. These features include:
| Feature | Details |
| | Set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports. |
| | Set a minimum Signal hackers must reach to submit reports to your program. This ensures that only hackers with a certain skill level can report vulnerabilities. |
| | Define your scope and the assets you want hackers to hack on. This guides hackers to focus on targets you’re interested in. |
| | Flagging noisy reports as Not Applicable or Spam will negatively impact a hacker's reputation. The built-in reputation system incentivizes hackers to submit quality reports over noise. |
| | HackerOne's free automated service that provides inline guidance in reports with contextual advice and actionable suggestions. For instance, you can set Hackbot to suggest when a report Needs more info. |
| Report Abuse | In extreme cases, you can ban sources of noise from your program by banning hackers who are submitting irrelevant reports and requesting mediation from HackerOne. |
| Triage Services | Contact your Account Manager if you're interested in learning more about support from HackerOne's Security Analysts in our fully managed offering. |
You’re free to implement one or all of these features. For the best results in reducing unwanted noise for your program, it’s good practice to set up each one.