All Collections
Policy & Scope
Learn best practices for policy and scope
12 articles
Policy and Scope
Good PoliciesGuidelines & starting points
Standard Ineligible FindingsAll Audiences: A ready-made list of ineligible findings for use in program policies
Safe Harbor FAQCommonly answered questions about safe harbor
Gold Standard Safe Harbor StatementHackerOne's Gold Standard Safe Harbor
Program LevelsBest practices to adopt as part of your journey toward program maturity
Defining ScopeOrganizations: Define which assets you want hackers to hack on and how bounty applies
SeverityOrganizations: Learn what defines report severity
Environmental ScoreOrganizations: Learn how severity is affected by impact to your organization
Triage Scope InstructionsSet preferences for how Triagers handle reports on assets not listed in your scope
CVSS 3.0Learn about HackerOne's custom implementation of CVSS 3.0
CVSS 3.1Learn how CVSS 3.1 impacts severity