Welcome Edit the Doc Site Product Offerings Program Starting Point Navigation Organization Dropdown Program Types Private vs. Public Programs Parent/Child Programs VDP vs. BBP Using Markdown Industry Best Practices Authenticated Testing Scoping Considerations Traffic Identification Engagements Organization Profile Users Groups General Settings User Management Groups and Permissions Security Page Program Metrics Response Target Indicators Top Hackers Asset Inventory Policy and Scope Good Policies Safe Harbor FAQ Gold Standard Safe Harbor Statement Program Levels Defining Scope Scope Best Practices Asset Types Severity Environmental Score Bounty Tables Importance of Bounty Tables Submit Report Form Report Templates Pausing Report Submissions Response Targets Response Target Metrics Setting Response Targets Invitations Reputation Signal and Impact CVE Requests Submission Signal Requirements Human-Augmented Signal Single Sign-On via SAML JIT Provisioning Domain Verification Google Okta OneLogin FAQs Two-Factor Authentication Invalid OTP Code Sessions Credential Management Asset-Based Credential Management Notifications Response Programs Inbox Inbox Views Report Management Report Actions Report States Report Components Quality Reports Locking Reports Duplicate Reports Duplicate Detection Exporting Reports Response Labels Keyboard Shortcuts Custom Fields Disclosure Limiting Disclosed Information Retesting Vacations HackerOne on Your Program Supported Integrations Integration Variables Webhooks API Tokens Assembla AWS Security Hub Azure DevOps Brinqa Bugzilla Freshdesk GitHub GitLab HackEDU IBM Security QRadar SOAR Jira Jira Setup Jira Migration Guide Jira FAQs Kenna Security Linear MantisBT Microsoft Teams OTRS PagerDuty Phabricator Redmine ServiceNow Slack Splunk Sumo Logic Trac Zendesk Billing Bounties Swag Bonuses Dashboards Program Overview Submissions & Bounty Dashboard Statistics Dashboard Hacker Engagement Hacker Feedback Dashboard Response Efficiency Dashboard Explore Audit Logs Industry Benchmarking Hacktivity Communicating with Hackers Message Hackers Banning Hackers Hacker Email Alias Program Mediation & Code of Conduct Review Requests Hacker Reviews Disclosure Assistance HackerOne Clear Gateway FAQs Pentest Overview FAQs Retesting Pentest Automation Common Responses Triggers Hackbot Email Forwarding Embedded Submission Form Import Vulnerabilities IP Allowlists Multi-Party Coordination Password Best Practices Proof of Compliance Slack Shared Channels Reducing Noise Team Member Eligibility Reducing Noise
Once your program launches
publicly, the entire hacker community is enabled to submit vulnerability reports to your program. Though publicly launching your program is a huge accomplishment, it also means that your program is more susceptible to noise from invalid or low-impact reports. Receiving such reports makes it difficult to maintain healthy programs with healthy response times as programs are spending time filtering through these low priority reports.
In order to help you and your program become more successful, HackerOne has implemented features to help you reduce noise from low-impact reports. These features include:
Human-Augmented Signal HackerOne Security Analysts will review reports that have a high chance of being invalid and will close any invalid report as
Triggers Set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports.
Signal Requirements Set a minimum Signal hackers must reach in order to submit reports to your program. This ensures that only hackers with a certain skill level are able to report vulnerabilities.
Define your Scope Define your scope and the assets you want hackers to hack on. This guides hackers to focus on the right targets that you’re interested in.
Reputation Flagging noisy reports as
Not Applicable or Spam will negatively impact a hacker's reputation. The built-in reputation system incentivizes hackers to submit quality reports over noise.
Hackbot HackerOne's free automated service that provides inline guidance in reports with contextual advice and actionable suggestions. For instance, you can set Hackbot to suggest when a report
Needs more info.
In extreme cases, you can ban sources of noise from your program by
banning hackers that are submitting irrelevant reports and requesting mediation from HackerOne.
Contact your Account Manager if you're interested in learning more about support from HackerOne's Security Analysts in our fully managed offering.
You’re free to implement 1 or all of these features. For the best results in reducing unwanted noise for your program, it’s good practice to set up each one.