Crafting a well-readable report
This page offers a comprehensive guide to enhancing the quality of vulnerability reports.
Last updated
This page offers a comprehensive guide to enhancing the quality of vulnerability reports.
Last updated
Overall, we have seven input placeholders, all of which are necessary and will be helpful in the investigation of your findings. Let's go through each one step by step:
General info โ Vulnerability Title: Provide a short description of the vulnerability and the affected asset. Use the specified names or CVE/CWE IDs if available, but keep it concise and on-topic.
Target โ Specify the vulnerability target: Carefully select from the list and double-check before submitting, as a misclick can cause unnecessary delays in our research.
Target โ Vulnerability category: This is similar to "Vulnerability Title," but more general. Fill it out informatively to help us categorize and triage reports more efficiently.
Target โ Serenity level: Choose one of the preset levels (none, low, medium, high, and critical) or use the CVSS calculator for complex issues. The CVSS calculator is recommended for accuracy.
Vulnerability details: Describe your finding, including all issue-related themes and relevant external information (links/screenshots). Make it useful for understanding the problem's origin and possible mitigation/fixes. If referencing an article, provide a brief summary and share the link.
Validation steps: Explain how you achieved the exploitation of your finding. Mention the exact URL/IP/Port where the vulnerability appears and provide clear, step-by-step instructions for validation.
Note on file upload: To have proof of your finding, always include screenshots or screen capture videos. Ensure that your file is fully uploaded before proceeding with the next one.
Lastly, some recommendations for text styles:
Use bold, italic, and headers to create logical paragraphs, but don't overdo it. Use these styles to highlight important points.
Organize information with quotes and numbered/not-numbered lists for clarity.
Shorten long links using the "link" button, placing the short name in square brackets and the link in rounded brackets.
Insert code snippets between "```" to allow immediate use.
Utilize the toggle preview tool to review your text block's appearance on the triage side.
You can always view the markdown guide by clicking the far-right button.
To insert an image, copy it (cmd/ctrl+v) from your file manager and paste it into your report body (use the toggle preview tool if necessary).
Remember to click on the checkbox and publish your finding. Well-written reports are more likely to be quickly validated and awarded a higher bounty.