HackenProof uses a ticket-based system that has different stages of reports processing
Here are all possible states of reports:
- New - once a report has been submitted it receives a New state. At this stage it’s possible to delete a report, if you have changed your opinion.
- In Review - The triage team starts the validation process of the submission.
- Need More Info - if the triage team needs additional details for validation they ask for it. If we don’t hear back from you for more than 30 days, such report will be automatically closed.
- Triaged - once we approve the report, it goes forward to the client’s security team to fix the vulnerability.
- Resolved - the report was valid and was fixed.
- Duplicate - the reported vulnerability has been reported before.
- Informative - the report was useful for the company but there is no need in immediate action or a fix.
- Out of scope - the report was useful for the company but the issue is not in the focus of the program.
- Not Applicable - the report was not valid or it’s not connected with security of the application.
- Spam - the report was not a valid security issue or didn’t have any useful information for the company.
- Disclosed - the report is disclosed to the public.