HackerOne
2016-07-08 08:45:00
www.hackerone.com
Ever stumbled upon a vulnerability, but had no idea how to share it with the affected organization? You DM them on Twitter and email their support alias, but aren’t able to get a hold of them? HackerOne can help! We’ve blogged about “Disclosure Assistance” before, but we wanted to talk about it again, as there have been some changes.
Let’s review how Disclosure Assistance works:
- Hacker finds a vulnerability in XYZ Company
- Hacker tries to report the vulnerability to XYZ Company, but can’t figure out how, or attempts to contact them have failed
- Hacker looks up XYZ Company in the HackerOne Directory
- Hacker clicks on “Disclosure Assistance”
- NEW! A form pops up where the hacker can provide context around the request to help HackerOne triage it. This form asks the hacker whether they’ve tried to contact the company, what type of vulnerability it is, and the affected domain/IP/URL.
NEW Disclosure Assistance Context Form
At this point, HackerOne reviews the requests that have come in. Please note that we cannot respond to every Disclosure Assistance request, but we will make our best effort to get you in touch with the affected organization. If you’ve submitted a Disclosure Assistance request in the past and have not received a response, feel free to submit it again with the new context form – this will help us have more information to work with!
A few quick reminders on Disclosure Assistance:
- HackerOne cannot and does not condone hacking on any organization without their permission.
- HackerOne does not ask hackers for specific vulnerability details; we only try to connect friendly hackers with the affected organizations to facilitate a discussion, so that the issue can be responsibly disclosed. As such, HackerOne can’t always verify the legitimacy of the vulnerability, and we’ll tend to prioritize requests from hackers with higher signal.
- HackerOne cannot guarantee success – we will try our best to make a connection between the hacker and the affected organization, but it’s important to keep the EFF’s Vulnerability Reporting FAQ in mind throughout this process.
That’s it! Please see our original blog post on Disclosure Assistance for more info.
Adam Bacchus