Changes to Disclosure Assistance

HackerOne is excited to announce the revamp of our Disclosure Assistance program! Our goal is to reset expectations and realign with the hacker community. As such, you may see some of your submissions to Disclosure Assistance closed as informative. 

What is the goal of Disclosure Assistance? First and foremost, Disclosure Assistance is a best-faith effort. Submitting to this program has no guarantee of action or resolution by HackerOne or the impacted party.

We will act on valid reports and attempt contact with the impacted party for bugs that meet the following criteria:

• Critical impact to an affected company/organization that does not have a public Vulnerability Disclosure Program or Bug Bounty Program.
• Big user or societal impact (e.g., a large enterprise with a ton of user data exposed)

Examples of Critical Impact Bugs:

• SQLi
• RCE
• Information Disclosure of bulk PII (Personal Identifiable Information) data

HackerOne's Mediation team does not act on mediation requests for Disclosure Assistance reports. If you have concerns about a Disclosure Assistance report, please comment within your report or contact da@hackerone.com.

Happy Hacking!