All Collections
Scope & Standards
Learn best practices for policy and scope
12 articles
Good PoliciesGuidelines & starting points
Core Ineligible FindingsAll Audiences: A ready-made list of ineligible findings
Safe Harbor FAQOrganizations: Commonly answered questions about safe harbor
Gold Standard Safe Harbor StatementOrganizations: HackerOne's Gold Standard Safe Harbor
Defining ScopeOrganizations: Define which assets you want hackers to hack on and how bounty applies
SeverityOrganizations: Learn what defines report severity
Environmental ScoreOrganizations: Learn how severity is affected by impact to your organization
Triage Scope InstructionsOrganizations: Set preferences for how Triagers handle reports on assets not listed in your scope
CVSS 3.0All audiences: Learn about HackerOne's custom implementation of CVSS 3.0
CVSS 3.1All audiences: Learn how CVSS 3.1 impacts severity
Coordinated Vulnerability DisclosureOrganizations: Outline how your program handles disclosure
CVSS 4.0All audiences: Learn how CVSS 4.0 impacts severity