Reports Basics

HackenProof uses a ticket-based system in which each report moves through several processing stages.

Here are all the possible report states:

Open report:

  • New - once a report has been submitted, it receives the New state. At this stage it’s possible to delete the report if you have changed your mind.
  • In Review - the triage team starts the validation process for the submission.
  • Need More Info - if the triage team needs additional details for validation, they ask for them. If we don’t hear back from you for more than 30 days, the report will be automatically closed.
  • Triaged - once we approve the report, it goes forward to the client’s security team to fix the vulnerability.

Closed report:

  • Resolved - the report was valid and was fixed.
  • Duplicate - the reported vulnerability has been reported before.
  • Informative - the report was useful for the company, but there is no need for immediate action or a fix.
  • Out of scope - the report was useful for the company, but the issue is not within the focus of the program.
  • Not Applicable - the report was not valid or is not related to the security of the application.
  • Spam - the report was not a valid security issue or didn’t have any useful information for the company.
  • Disclosed - the report is disclosed to the public.