HackenProof Docs

Vulnerability Disclosure

Vulnerability disclosure guideline

By default, vulnerability disclosure on HackenProof is based on mutual agreement. The bug hunter may request disclosure of a vulnerability report as soon as the report status changes to "Resolved", meaning the vulnerability has been fixed. If the program's security team and the bug hunter agree, the report's content will be disclosed within the discussed timeline.

The program security team is allowed to disclose the report without the bug hunter's agreement in the following scenarios:

1. The security team has detected exploitation of the submitted vulnerability and discloses remediation steps to protect users.

2. The security team accepts the risk of the issue described in the report and will not fix it, and makes users aware of the issue by referring to the report.

In both scenarios, the personal data of the submitter must be hidden.


Last updated 1 year ago