docs.hackerone.com

Create a new section "Program Operations" -> triaging

Open tolo7010 opened this issue 7 years ago • 3 comments

Propose a new section for both HackerOners and the programs to have a clear list of indicators on program operations, for example:

  • how to decide if a report is a duplicate.
  • what are the roles of the security analysts, what are the steps taken in vetting reports.
  • how a program decides on the eligibility of a report based on business impact rather than vulnerability or attack types.
  • how to determine which assets are considered sensitive and which are not.
  • what are the exceptions and when the report is a valid technical vulnerability but not being fixed due to various factors, for example, the complexity or exploitability of the attack, the positive outcome to the victim after the attack, etc. ...

tolo7010 Jun 24 '18 03:06

Thanks for the proposal! We'll put your request into our backlog and work on getting an article written up for this.

stacyspiva Jun 25 '18 19:06

Hello @stacyspiva, thanks for considering my request. I will try to write some of them with my current knowledge, and sections that need discussing will be marked as [TBD].

tolo7010 Jun 25 '18 21:06

Hmm good

clinboy247 Jun 26 '19 08:06