By default, HackerOne offers a standard vulnerability disclosure workflow that supports most security teams out there. But one size doesn't fit all. We all like to have things our own way.
To empower those security teams with more advanced vulnerability disclosure workflows, we’re excited to announce that programs on HackerOne are able to customize the Views in their Inbox. Security teams can create, update, remove and rearrange their Views which are a set of saved filters. Now a security team can operate under a unified workflow that matches their preferred process. Your Inbox, your way!
How it works
Let's illustrate this with an example. Suppose you'd like to modify your workflow to ensure that all "Critical" vulnerabilities are tracked independently of vulnerabilities with lesser severity.
- As a program admin, head to your Inbox and generate a custom View by selecting the desired filters. In this example, we'll filter for “Critical” severity vulnerabilities only. Then click "Save".
- The next step is to either save it as a new View or overwrite an existing View. This will make it permanently accessible to all members of your security team.
- To show, hide, rearrange or remove Views, go to Settings > Program > Inbox Views.
You're done! Enjoy your new workflow.
This basic example is just the beginning. More advanced workflows might include steps such as:
- Divide the default triage step between a "Tier 1" and a "Tier 2".
- Track reports assigned to different Groups. e.g., separate queues for your Android vs iOS apps.
- Create separate "Pending bounty" and "Pending swag" steps - or - unify them into one "Pending reward" step.
- Create separate queues for the investigation of complex or specialized vulnerability reports. e.g., "Triage (Crypto)"
This new feature is available to users of our Professional Edition and higher. Contact your Customer Success manager for recommendations or assistance on configuring more advanced workflows. We will be rolling this out for hackers as well.
As always, please let us know what you think by contacting us at firstname.lastname@example.org or on Twitter (@hacker0x01). To see upcoming as well as previously released features, check out our roadmap at https://hackerone.com/roadmap.
Lars Bekkema, Dirk Zittersteyn, Philip Kocanda, Jan Deelstra, Alexander Jeurissen and the HackerOne team.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.