# Vulnerability Disclosure

The vulnerability disclosure policy on the HackenProof is based on the mutual agreement by default. The bug hunter may request the disclosure of the vulnerability report as soon as the report status changes to the "Resolved", meaning the vulnerability was fixed. If the security team of the program and the bug hunter agree, the report's content will be disclosed in the discussed timeline.

The program security team is allowed to disclose the report without the bug hunter's agreement in the following scenarios:

1\. The security team detected exploitation of the submitted vulnerability and disclose remediation steps, to secure users.

2\. The security team accepts the risk of the issue described in the report and will not fix it, making the users aware of this issue referring to the report.

In both scenarios, the personal data of the submitter must be hidden.

<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.hackenproof.com/good-to-know/vulnerability-disclosure.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.