Reports Basics

HackenProof uses a ticket-based system that has different stages of reports processing

Dmytro avatar
Written by Dmytro
Updated over a week ago

Here are all possible states of reports:

Open report:

  • New - once a report has been submitted it receives a New state. At this stage it’s possible to delete a report, if you have changed your opinion.

  • In Review - The triage team starts the validation process of the submission.

  • Need More Info - if the triage team needs additional details for validation they ask for it. If we don’t hear back from you for more than 30 days, such report will be automatically closed.

  • Triaged - once we approve the report, it goes forward to the client’s security team to fix the vulnerability.

Closed report:

  • Resolved - the report was valid and was fixed.

  • Duplicate - the reported vulnerability has been reported before.

  • Informative - the report was useful for the company but there is no need in immediate action or a fix.

  • Out of scope - the report was useful for the company but the issue is not in the focus of the program.

  • Not Applicable - the report was not valid or it’s not connected with security of the application.

  • Spam - the report was not a valid security issue or didn’t have any useful information for the company.

  • Disclosed - the report is disclosed to the public.

Did this answer your question?