Asset
An attack surface that hackers can hack on. Asset types include CIDR, Domain, Source code, Executable, Hardware/IoT, and iOS: .ipa.
A collection of assets creates a scope.
Bounty
A financial reward offered in exchange for a valid vulnerability report.
Bounty Table
A bounty table illustrates how much an organization is willing to pay for various bugs, helps set expectations for hackers, and gives the bug bounty team a guideline to ensure fair and consistent reward amounts.
Bug Bounty Program
A bug bounty offers monetary incentives for vulnerabilities and invites submissions from hackers.
CVSS
Common Vulnerability Scoring System (CVSS) is the framework HackerOne utilizes to assign a severity rating to a vulnerability.
CWE
Common Weakness Enumeration (CWE) is the framework HackerOne utilizes to assign a weakness to a vulnerability.
Common Response
A saved response or template that can be applied repeatedly to reports.
Directory
The HackerOne directory is a community-curated resource for contacting an organization regarding a security vulnerability.
Hacker
Someone who’s able to find vulnerabilities in information-related systems. One who enjoys the intellectual challenge of creatively overcoming limitations (Jargon File 4.4.7).
Hacktivity
Hacktivity is the public community feed that showcases hacker activity on HackerOne.
ISO 29147
An international standard describing vulnerability coordination.
ISO 30111
An international standard describing vulnerability handling processes.
Impact
Average reputation gained per bounty.
Integration
External applications that are connected to and functioning in HackerOne.
Pentest
Short for penetration test. It's a type of test where authorized hackers broadly test the attack surface of an application and determine whether they can find vulnerabilities in it. At HackerOne, pentests are completed by following a structured testing methodology that involves checklists that incorporate the OWASP Top 10 vulnerabilities.
Report
A submission from a hacker that describes a potential security vulnerability.
Reputation
Reputation measures how likely a hacker’s finding is to be immediately relevant and actionable.
Scope
A collection of assets that hackers are to hack on. It’s the structured data that represents the attack surface that’s included or explicitly excluded in an organization’s vulnerability disclosure or bug bounty program.
Signal
Average reputation gained per report.
Vulnerability
A weakness in software, hardware, or an online service that can be exploited.
Vulnerability Disclosure
The process by which an organization receives and disseminates information about vulnerabilities in their products or online services.
ISO 29147 definition: Process through which vendors and vulnerability finders may work cooperatively in finding solutions that reduce the risks associated with a vulnerability. It encompasses actions such as reporting, coordinating, and publishing information about a vulnerability and its resolution.
Weakness
An aspect of an application that could lead to a vulnerability, but may not be exploitable in and of itself.