All Collections
Policy & Scope

Learn best practices for policy and scope
12 articles
Policy and Scope
Good PoliciesGuidelines & starting points
Standard Ineligible FindingsA list of standard ineligible findings enforced across all of HackerOne's programs
Safe Harbor FAQCommonly answered questions about safe harbor
Gold Standard Safe Harbor StatementHackerOne's Gold Standard Safe Harbor
Program LevelsBest practices to adopt as part of your journey toward program maturity
Defining ScopeDefine which assets you want hackers to hack on and how bounty applies
SeverityOrganizations: Learn what defines report severity
Environmental ScoreOrganizations: Learn how severity is affected by impact to your organization
Triage Scope InstructionsSet preferences for how Triagers handle reports on assets not listed in your scope
CVSS 3.0Learn about HackerOne's custom implementation of CVSS 3.0
CVSS 3.1Learn how CVSS 3.1 impacts severity