Once your program launches publicly, the entire hacker community is enabled to submit vulnerability reports to your program. Though publicly launching your program is a huge accomplishment, it also means that your program is more susceptible to noise from invalid or low-impact reports. Receiving such reports makes it difficult to maintain healthy programs with healthy response times as programs are spending time filtering through these low priority reports.
In order to help you and your program become more successful, HackerOne has implemented features to help you reduce noise from low-impact reports. These features include:
|Human-Augmented Signal||HackerOne Security Analysts will review reports that have a high chance of being invalid and will close any invalid report as Not Applicable.|
|Triggers||Set up an automated action when your program receives a report with or without a given trigger word. Triggers aid in reducing noise as they can flag certain reports.|
|Signal Requirements||Set a minimum Signal hackers must reach in order to submit reports to your program. This ensures that only hackers with a certain skill level are able to report vulnerabilities.|
|Define your Scope||Define your scope and the assets you want hackers to hack on. This guides hackers to focus on the right targets that you’re interested in.|
|Reputation||Flagging noisy reports as Not Applicable or Spam will negatively impact a hacker's reputation. The built-in reputation system incentivizes hackers to submit quality reports over noise.|
|Hackbot||HackerOne's free automated service that provides inline guidance in reports with contextual advice and actionable suggestions. For instance, you can set Hackbot to suggest when a report Needs more info.|
|Report Abuse||In extreme cases, you can ban sources of noise from your program by banning hackers that are submitting irrelevant reports and requesting mediation from HackerOne.|
|Triage Services||Contact your Account Manager if you're interested in learning more about support from HackerOne's Security Analysts in our fully managed offering.|
You’re free to implement 1 or all of these features. For the best results in reducing unwanted noise for your program, it’s good practice to set up each one.