Scope & Standards
Learn best practices for policy and scope
11 articles
- Good GuidelinesOrganizations: Good guidelines & starting points for your engagement
- Core Ineligible FindingsAll Audiences: A ready-made list of ineligible findings
- Safe Harbor Overview & FAQOrganizations: Commonly answered questions about safe harbor
- Gold Standard Safe Harbor StatementOrganizations: HackerOne's Gold Standard Safe Harbor
- Defining ScopeOrganizations: Define which assets you want hackers to hack on and how bounty applies
- Defining SeverityOrganizations: Learn what defines report severity
- Environmental ScoreOrganizations: Learn how severity is affected by impact to your organization
- CVSS 3.0All audiences: Learn about HackerOne's custom implementation of CVSS 3.0
- CVSS 3.1All audiences: Learn how CVSS 3.1 impacts severity
- CVSS 4.0All audiences: Learn how CVSS 4.0 impacts severity
- AI Research Safe Harbor StatementAll Audiences: What counts as Good Faith AI Research and the protections we provide for it
