Receiving invalid or unwanted reports to your bug bounty program is never desirable. These reports create a burden for programs and reduce the time that can be spent on reports that matter. In a word, it’s “noise”.
We continue to work tirelessly for our customers on finding ways to filter out as much noise as possible for HackerOne programs. One of the biggest features we have recently worked on is Human-Augmented Signal, which launched in January 2018 and has since reduced noise by 30 to 40% for most of our customers.
Today we’re happy to announce the next step in our noise-reducing mission: redefining the ‘Triggers’ functionality. By redefining triggers, we’re taking noise reduction to the next level. Triggers are an ideal way to reduce noise in areas that aren’t caught by our Human-Augmented Signal system. If you have some vulnerabilities listed as out of scope but are still receiving reports, triggers might help to catch these reports before or after they get submitted.
One way we’ve improved the triggers feature is that we now show you how effective a trigger would be, right in the product. The new preview section will appear as soon as you start entering the criteria for a trigger. This preview will show how the trigger would have performed on the reports you have received so far.
We’ve collected feedback since the original triggers feature was launched, and are now announcing “Default triggers”. Customers are free to remove or edit these if they want, but by default, we will provide these triggers to all new and existing customers. Once edited, default triggers will behave just like normal triggers.
New trigger criteria
Previously, when creating a trigger, all criteria for the trigger were combined with “AND” operators. This means that when you created a trigger with 2 criteria, “X-Frame-Option” and “xfo”, it would fire only if both words matched in the report.
With the new triggers, you can specify if you want to use AND or OR operators for the trigger criteria. This helps you build more sophisticated triggers, and enables you to create a trigger like the one you can see in the example of Default Triggers.
Once you add more than one criterion to the trigger, a toggle will show up to let you define how you want to handle multiple criteria.
The new Triggers are globally available to everyone. We believe all programs will benefit from adding triggers for common areas of noise they see in their programs. You can go to Settings -> Program -> Triggers to start using the new triggers right away or learn more about triggers on our new docs site.
This feature has been brought to you by Maarten, Miray, Willian, Jeroen, and Ivan.