Report Management Overview
This is a list of all reports submitted to any program you administer, sorted by the most recent activity. This list can be sorted, searched, and filtered.
Open Reports Only:
A filter can be applied to only show reports that haven't yet been validated and require triage. Open is the default status of a new report.
Active Reports Only:
You can also filter to include Validated reports in addition to open reports to see only reported vulnerabilities that need further attention. These are the default filters applied when you first visit the Reports Inbox.
All Reports Except Rejected:
By adding the Closed filter to the previously selected filters, you can see any report that hasn't been rejected by your team.
Awarded Reports Only:
The Awarded and Unawarded filters will allow you to show or hide reports that have received an award.
Unassigned Reports Only:
To see any report that hasn't yet been assigned to a team member, you can use the Unassigned filter.
Assigned Reports Only:
To see only the reports that have been assigned in order to check up on progress, use the Assigned filter.
Reports Assigned To You:
We make it easy for you to keep up with your report assignments with the For Me filter.
When you open a report from the inbox, you'll see the Program Report, which is a copy of the original report submitted by the researcher, that allows your team full editing capability. These changes will not be shared with the researcher, only comments to the researcher and status are shared.
The severity proposed in the report submitted by the researcher is sometimes incorrect, especially as severity may vary based on impact of the vulnerability within your application. You can easily change the severity to help you determine the amount to award the researcher based on your program's Awards Table. We provide short descriptions of each level to make the decision easier.
A report can be assigned to any member of your team from the top nav report options bar. The report status can also be set from this same options bar.
In the top nav bar that is highlighted in the previous image, you'll see an award button on the right. Clicking this will bring up the modal below that is used to issue an award to the researcher for their report. This is also where you can add and save payment methods as well as set one as the default.
To see a full list of awards paid by your team for vulnerability reports submitted to your program(s), open the Payments page from the site navigation bar. If you click on the researcher's username, you will be brought to the corresponding report.