As programs receive vulnerability reports and work on deploying fixes, they need proof that their vulnerabilities have actually been fixed. Retesting lets programs ask hackers to verify that a vulnerability has been fixed, so that their data stays protected. If you submit a valid vulnerability report, programs can elect to invite you to retest the vulnerability to verify the fixes.
Upon successful completion of a retest, you’ll receive a bounty as well as +2 reputation.
How It Works
If you’ve submitted a valid vulnerability report, the program can request that you retest the vulnerability to make sure it’s been fixed.
If you’re invited to retest the vulnerability, you’ll receive an email notification asking you to retest the report.
To participate in the retest:
1. Click View retest in your notification email.
2. Check to see that the vulnerability has been fixed.
3. Submit your findings in the Retest findings form at the bottom of the report. The form consists of these fields:
   - Are you able to reproduce the vulnerability report?
   - Please provide us with a short summary of how you retested the vulnerability and upload any attachments of your validations.
4. Click Submit.
The program can either approve or reject your results. If they choose to:
| Action | Scenario | Details |
| --- | --- | --- |
| Mark as Resolved | You say the vulnerability is fixed. | You’ll be awarded a bounty. |
| Retest not performed | You say the vulnerability is fixed. | The program will provide a summary explaining why they’ve rejected the retest. They can choose to request another retest for the vulnerability. |
| Issue still exists | You say the vulnerability is not fixed. | You’ll be awarded a bounty. |
| Retest not performed | You say the vulnerability is not fixed. | The program will provide a summary explaining why they’ve rejected the retest. The program can choose to request another retest for the report. |
Managing and Viewing Retests
You can track your retesting work under Hacker Dashboard > Retesting. You’ll be able to:
Claim open retests
See which retest you need to complete and the time you have left to complete it
View all of your completed retests