All Collections
Scope & Standards
Learn best practices for policy and scope
12 articles
Good PoliciesGuidelines & starting points
Core Ineligible FindingsAll Audiences: A ready-made list of ineligible findings
Safe Harbor FAQOrganizations: Commonly answered questions about safe harbor
Gold Standard Safe Harbor StatementOrganizations: HackerOne's Gold Standard Safe Harbor
Program LevelsOrganizations: Best practices to adopt as part of your journey toward program maturity
Defining ScopeOrganizations: Define which assets you want hackers to hack on and how bounty applies
SeverityOrganizations: Learn what defines report severity
Environmental ScoreOrganizations: Learn how severity is affected by impact to your organization
Triage Scope InstructionsOrganizations: Set preferences for how Triagers handle reports on assets not listed in your scope
CVSS 3.0Learn about HackerOne's custom implementation of CVSS 3.0
CVSS 3.1Learn how CVSS 3.1 impacts severity
Coordinated Vulnerability DisclosureOrganizations: Outline how your program handles disclosure