Submission Requirements
The Submission Requirements page enables you to set specific requirements for hackers to submit reports to your program. You can:
- Require hackers to meet certain signal requirements
- Enable Human-Augmented Signal
- Require hackers to have two-factor authentication
- Enable bounty splitting
- Select severity rating options
To access the Submission Requirements page, go to: Program Settings > Program > Hacker Management > Submission.
Requiring Two-Factor Authentication
To require hackers to have two-factor authentication enabled before submitting reports to your program:
- Go to Program Settings > Program > Submission.
- Go to the section on requiring hackers to have 2FA.
- Click the toggle so that it's set to Yes.
For Public Programs
Hackers that have already submitted past reports before 2FA was required will still be able to access and comment on those reports. They, however, won't be able to submit any new reports to your program without enabling 2FA.
For Private Programs
Hackers will be required to have 2FA enabled to participate and submit reports to a private program. Once you turn this feature for a private program all hackers without 2FA will be removed from the program and immediately sent an invitation back to the program. Those hackers and future hackers won't be able to accept the invitation until they have 2FA enabled.
Enabling Bounty Splitting
Bounty splitting enables hackers to split the bounty with other hackers that helped collaborate on a report. This enables each hacker to be rewarded for their findings on the report.
Note: You can only enable bounty splitting if your program uses the prepayment billing option.
To enable bounty splitting for your program:
- Go to Program Settings > Program > Submission.
- Click the toggle so that it's set to Yes for Enable bounty splitting.
Severity Rating Options
You can select how you would like hackers to determine the severity of the vulnerability they're reporting.
To set your severity ratings:
- Go to the Severity Rating Options section under Program Settings > Program > Submission.
- Select from these options:
| Option | Details |
|---|---|
| Rating or CVSS Score | Hackers can choose to rate the severity of their vulnerability by using the CVSS calculator or by marking it as None, Low, Medium, High, or Critical based on their own judgment. *This is the default option and is recommended for most users. |
| CVSS Score Only | Hackers can only use the CVSS calculator to rate the severity of the vulnerability. This is recommended only for interacting with hackers that understand CVSS. |