All Collections
Scope & Standards
![](https://downloads.intercomcdn.com/i/o/458457/1c6e391a5832b8f96738131d/b0f547e4464128032577e984dbce6882.png)
Learn best practices for policy and scope
11 articles
Good PoliciesGuidelines & starting points
Core Ineligible FindingsAll Audiences: A ready-made list of ineligible findings
Safe Harbor FAQCommonly answered questions about safe harbor
Gold Standard Safe Harbor StatementHackerOne's Gold Standard Safe Harbor
Program LevelsOrganizations: Best practices to adopt as part of your journey toward program maturity
Defining ScopeOrganizations: Define which assets you want hackers to hack on and how bounty applies
SeverityOrganizations: Learn what defines report severity
Environmental ScoreOrganizations: Learn how severity is affected by impact to your organization
Triage Scope InstructionsSet preferences for how Triagers handle reports on assets not listed in your scope
CVSS 3.0Learn about HackerOne's custom implementation of CVSS 3.0
CVSS 3.1Learn how CVSS 3.1 impacts severity