Skip to main content
Glossary

All Audiences: Glossary of commonly-used terms on HackerOne's platform

Updated over 5 months ago

Asset

Attack surfaces that hackers can hack on. There are different types such as CIDR, Domain, Source code, Executable, Hardware/loT, iOS: .ipa.

A collection of assets creates a scope.

Bounty

A financial reward offered in exchange for a valid vulnerability report.

Bounty Table

A bounty table illustrates how much an organization is willing to pay for various bugs, helps set expectations for hackers, and gives the bug bounty team a guideline to ensure fair and consistent reward amounts.

Bug Bounty Program

A bug bounty offers monetary incentives for vulnerabilities and invites submissions from hackers.

CVSS

Common Vulnerability Scoring System (CVSS) is the framework HackerOne utilizes to assign a severity rating to a vulnerability.

CWE

Common Weakness Enumeration (CWE) is the framework HackerOne utilizes to assign a weakness to a vulnerability.

Common Response

A saved response or template that can be applied repeatedly to reports.

Directory

The HackerOne directory is a community-curated resource for contacting an organization regarding a security vulnerability.

Hacker

Someone who’s able to find vulnerabilities in information-related systems. One who enjoys the intellectual challenge of creatively overcoming limitations (Jargon File 4.4.7).

Hacktivity

Hacktivity is the public community feed that showcases hacker activity on HackerOne.

ISO 29147

An international standard describing vulnerability coordination.

ISO 30111

An international standard describing vulnerability handling processes.

Impact

Average reputation gained per bounty.

Integration

External applications being connected and functioning in HackerOne.

Pentest

Short for penetration test. It's a type of test where authorized hackers broadly test the attack surface of an application and determine whether they can find vulnerabilities in them. At HackerOne, pentests are completed by following a structured testing methodology that involves checklists that incorporate the OWASP Top 10 vulnerabilities.

Report

A submission from a hacker that describes a potential security vulnerability.

Reputation

Reputation measures how likely a hacker’s finding is to be immediately relevant and actionable.

Scope

A collection of assets that hackers are to hack on. It’s the structured data that represents the attack surface that’s included or explicitly excluded in an organization’s vulnerability disclosure or bug bounty program.

Signal

Average reputation gained per report.

Vulnerability

Weakness of software, hardware, or online service that can be exploited.

Vulnerability Disclosure

The process by which an organization receives and disseminates information about vulnerabilities in their products or online services.

ISO 29147 definition: Process through which vendors and vulnerability finders may work cooperatively in finding solutions that reduce the risks associated with a vulnerability. It encompasses actions such as reporting, coordinating, and publishing information about a vulnerability and its resolution.

Weakness

An aspect of an application that could lead to a vulnerability, but may not be exploitable in and of itself.

Did this answer your question?