Enabling and Sharing Known Issues

To help reduce the number of duplicate submissions you receive, you can share information about the known issues that have already been reported. By sharing this information, you provide better visibility into your program so that researchers can focus their efforts on finding unique vulnerabilities and exploring other potential attack vectors for your targets.

This level of transparency has a couple of key benefits:

  • Increases efficiency: Visibility into previously found vulnerabilities provides researchers insights to better focus their testing efforts so that they can submit more unique issues and fewer duplicates.
  • Increases testing activity: Programs that share previously found vulnerabilities are seen as more appealing to researchers because they are more likely to be the first to find unique vulnerabilities and be rewarded.

Shared known issues appear on the program brief, are grouped by target, and categorized by VRT classification. Any issue with a status of triaged, unresolved, or duplicate will be visible to the researcher. Researchers can drill down into known issues by VRT classification.

The Known Issue counts are displayed in the Program Brief for all the submissions on those targets across one’s organization and not only for that program.

By default, the option to share known issues is not enabled. To enable known issue sharing, go to your Program Settings.

settings

From the Program Brief tab, find the Known Issues section. Select the Display known issues count on program brief option. All P1-P4 issues classified as triaged, unresolved, won't fix, or duplicate will be shared.

display-known-issues-option

Click Update program to apply the changes.

update-program

When the researcher views the program brief, they can view the known issues in the Targets area. For more information, see Viewing Known Issues.


Onboarding
Account Management
Program Management
Reporting
Submission Management
Integration Management