HackerOne

Good Policies

All Audiences: A ready-made list of ineligible findings

Organizations: Commonly answered questions about safe harbor

Organizations: HackerOne's Gold Standard Safe Harbor

Organizations: Define which assets you want hackers to hack on and how bounty applies

Organizations: Learn what defines report severity

Organizations: Learn how severity is affected by impact to your organization

All audiences: Learn about HackerOne's custom implementation of CVSS 3.0

All audiences: Learn how CVSS 3.1 impacts severity

Organizations: Outline how your program handles disclosure

All audiences: Learn how CVSS 4.0 impacts severity

Learn best practices for policy and scope

Find answers and get help from Intercom Support and Community Experts

Link, Press control-option-right-arrow to exit

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

Try using different keywords or checking for typos.

Track the progress of all tickets related to your company.

{assigneeName} needs more information from you