Skip to main content

Advanced Workflows with Inbox Views

  • January 18th , 2017

By default, HackerOne offers a standard vulnerability disclosure workflow that supports most security teams out there. But one size doesn't fit all. We all like to have things our own way.

To empower those security teams with more advanced vulnerability disclosure workflows, we’re excited to announce that programs on HackerOne are able to customize the Views in their Inbox. Security teams can create, update, remove and rearrange their Views which are a set of saved filters. Now a security team can operate under a unified workflow that matches their preferred process. Your Inbox, your way!

How it works

Let's illustrate this with an example. Suppose you'd like to modify your workflow to ensure that all "Critical" vulnerabilities are tracked independently of vulnerabilities with lesser severity.

  1. As a program admin, head to your Inbox and generate a custom View by selecting the desired filters. In this example, we'll filter for “Critical” severity vulnerabilities only. Then click "Save". Save any "Custom" view
  2. The next step is to either save it as a new View or overwrite an existing View. This will make it permanently accessible to all members of your security team. Save your View
  3. To show, hide, rearrange or remove Views, go to Settings > Program > Inbox Views. Alt text

You're done! Enjoy your new workflow.

This basic example is just the beginning. More advanced workflows might include steps such as:

  • Divide the default triage step between a "Tier 1" and a "Tier 2".
  • Track reports assigned to different Groups. e.g., separate queues for your Android vs iOS apps.
  • Create separate "Pending bounty" and "Pending swag" steps - or - unify them into one "Pending reward" step.
  • Create separate queues for the investigation of complex or specialized vulnerability reports. e.g., "Triage (Crypto)"

This new feature is available to users of our Professional Edition and higher. Contact your Customer Success manager for recommendations or assistance on configuring more advanced workflows. We will be rolling this out for hackers as well.

As always, please let us know what you think by contacting us at feedback@hackerone.com or on Twitter (@hacker0x01). To see upcoming as well as previously released features, check out our roadmap at https://hackerone.com/roadmap.

Cheers!
Lars Bekkema, Dirk Zittersteyn, Philip Kocanda, Jan Deelstra, Alexander Jeurissen and the HackerOne team.

Recent articles

H1-415 Hackathon Delivers to Customers, Community, and Hackers

Just a few short weeks ago, an elite group of hackers huddled in conference rooms in a San Francisco high-rise…

Introducing CWE-based Weaknesses

HackerOne updated their vulnerability taxonomy to include a more complete weakness suite based on the industry-…

Intel launches its first bug bounty program

Our friends at Intel have an exciting announcement! Their bug bounty program is live.