Changes to Disclosure Assistance

January 5, 2023 HackerOne

HackerOne is excited to announce the revamp of our Disclosure Assistance program! Our goal is to reset expectations and realign with the hacker community. As such, you may see some of your submissions to Disclosure Assistance closed as informative. 

What is the goal of Disclosure Assistance? First and foremost, Disclosure Assistance is a best-faith effort. Submitting to this program has no guarantee of action or resolution by HackerOne or the impacted party.

We will act on valid reports and attempt contact with the impacted party for bugs that meet the following criteria:

  • Critical impact to an affected company/organization that does not have a public Vulnerability Disclosure Program or Bug Bounty Program.
  • Big user or societal impact (e.g., a large enterprise with a ton of user data exposed)

Examples of Critical Impact Bugs:

  • SQLi
  • RCE
  • Information Disclosure of bulk PII (Personal Identifiable Information) data

HackerOne's Mediation team does not act on mediation requests for Disclosure Assistance reports. If you have concerns about a Disclosure Assistance report, please comment within your report or contact

Happy Hacking!


Previous Article
Brand Ambassador Announcement
Brand Ambassador Announcement

2022 just came to an end. We hope you found plenty of bugs, collected a lot in bounties, and are ready to ...

Next Article
Visualizing Live Hacking Events: Hackers Break Records at H1-702
Visualizing Live Hacking Events: Hackers Break Records at H1-702

Checkout this infographic for a more detailed look at stats, hacker perspectives, and highlights of our ev...