Reports Basics

Here are all possible states of reports

New - once a report has been submitted it receives a New state. At this stage it’s possible to delete a report, if you have changed your opinion.
In Review - The triage team starts the validation process of the submission.
Need More Info - if the triage team needs additional details for validation they ask for it. If we don’t hear back from you for more than 30 days, such report will be automatically closed.
Triaged - once we approve the report, it goes forward to the client’s security team to fix the vulnerability.
Paid - the company paid for the valid report to the researcher

Resolved - the report was valid and was fixed.
Duplicate - the reported vulnerability has been reported before. In this case, vulnerabilities found on other platforms are also considered duplicates (even if they have not yet been fixed) and if the Company has provided evidence to the HackenProof Triage team that such a vulnerability was found on another platform.
Informative - the report was useful for the company but there is no need in immediate action or a fix.
Out of scope - the report was useful for the company but the issue is not in the focus of the program.
Not Applicable - the report was not valid or it’s not connected with the security of the application.
Spam - the report was not a valid security issue or didn’t have any useful information for the company.
Disclosed - the report is disclosed to the public.

Variations of states for Disclosed reports

The triage team can adjust the visibility of the report, it can be one of these:

In a state of partial visibility, the team can choose what types of information to disclose:

Last updated 5 months ago