Getatlas E909rh35zbHackerOne
Help CenterGetting StartedSubmitting Your First Vulnerability Report
Related articles

Submitting Your First Vulnerability Report

Last updated July 24, 2024

Congratulations on finding your first vulnerability on HackerOne! Submitting a report is the final step in the responsible disclosure process, ensuring that security weaknesses are addressed in a timely and coordinated way. This guide will walk you through the process of submitting a clear, concise, and impactful report to maximize your chances of a successful resolution.

Submitting a Vulnerability Report:

  • Gather Your Evidence: Make sure you have solid proof of concept (PoC) and evidence that clearly demonstrates the discovered vulnerability, including screenshots, video recordings, or technical details.
  • Review Program Guidelines: Familiarize yourself with the program's specific guidelines and reporting requirements. This includes details on the preferred format of the report, acceptable disclosure methods, and any restrictions on sharing information.
  • Choose the Right Report Type: Select the appropriate vulnerability type from the dropdown menu on the report submission page. Accuracy here ensures efficient categorization and prioritization by the program team.
  • Provide a Clear Description: Write a detailed description of the vulnerability, including the steps to reproduce it, the impact it could have, and any relevant technical information. Be concise and specific to ensure clarity for the program team.
  • Submit Your Report: Once you've gathered your evidence, reviewed the program guidelines, and crafted a clear report, submit your findings through the HackerOne platform.
  • Proof of Concept (PoC): Include a clear and concise proof of concept with your report. This can be a detailed explanation of the vulnerability, code snippets, or a working exploit.
  • Communication is Key: Engage with the program team during the triaging process. Be patient as they investigate the report and provide updates on the resolution process.
  • Remain Ethical: Remember to stay within the ethical bounds of the program and adhere to the guidelines outlined by HackerOne.
Was this article helpful?