This repository has been archived by the owner on Nov 20, 2023. It is now read-only.

Commit

Merge pull request #1212 from cadamini/patch-1
martijnrusschen authored Oct 23, 2023
2 parents 8d27459 + 841ce1f commit 71f18bb
Showing 1 changed file with 10 additions and 10 deletions.
20 changes: 10 additions & 10 deletions docs/organizations/retesting.md
Expand Up @@ -17,30 +17,30 @@ To have hackers retest a vulnerability:

3. Click **Confirm retest**.

The original hacker that submitted the vulnerability will be invited to take part in the retest.
The original hacker who submitted the vulnerability will be invited to take part in the retest.

The hacker will submit their findings in the **Retest findings** form at the bottom of the report. The form consists of these fields:
* Are you able to reproduce the vulnerability report?
* Please provide us with a short summary of how you retested the vulnerability and upload any attachments of your validations.

![retesting form](./images/retesting-form.png)
![retesting form](./images/retesting-form.png)

After the hacker submits their findings, you’ll be prompted to either **Approve and resolve** or **Reject** the retest. When approving the retest you can award the hacker with $50 or more.
After the hacker submits their findings, you’ll be prompted to either **Approve and resolve** or **Reject** the retest. When approving the retest, you can award the hacker with $50 or more.

![retesting approval form](./images/retesting-approval-form.png)

If you choose to:
If you choose the following actions for the retest:

Action | Scenario | Details
------ | -------- | --------
**Approve and resolve** the retest | The hacker says the vulnerability is fixed. | The report will close and will be marked as *Resolved*. The hacker will also be awarded a bounty.
**Reject** the retest | The hacker says the vulnerability is fixed. | You’ll need to provide a summary to the hacker explaining why you’ve rejected the retest. You can choose to request another retest for the report, by going back to step 1. <br><br>The status of the report will be changed to its previous state..
**Approve** the retest | The hacker says the vulnerability is not fixed. | The report will move back to *Triaged* and will stay open for the team to implement a fix. The hacker will be awarded a bounty.
**Reject** the retest | The hacker says the vulnerability is not fixed. | You’ll need to provide a summary to the hacker explaining why you’ve rejected the retest. You can choose to request another retest for the report, by going back to step 1. <br><br>The status of the report will be changed to its previous state.
**Approve and resolve** | The hacker says the vulnerability is fixed. | The report will close and will be marked as *Resolved*. The hacker will also be awarded a bounty.
**Reject** | The hacker says the vulnerability is fixed. | You’ll need to provide a summary to the hacker explaining why you’ve rejected the retest. You can choose to request another retest for the report, by going back to step 1. <br><br>The status of the report will be changed to its previous state..
**Approve** | The hacker says the vulnerability is not fixed. | The report will move back to *Triaged* and will stay open for the team to implement a fix. The hacker will be awarded a bounty.
**Reject** | The hacker says the vulnerability is not fixed. | You’ll need to provide a summary to the hacker explaining why you’ve rejected the retest. You can choose to request another retest for the report, by going back to step 1. <br><br>The status of the report will be changed to its previous state.

If the original hacker rejects the retest, the report will pass back to the you in its previous state. You are also able to cancel a retest if the original hacker does not respond in time.
If the original hacker rejects the retest, the report will pass back to you in its previous state. You are also able to cancel a retest if the original hacker does not respond in time.

>Note: Retesting is not available for anonymous reports.
> **Note:** Retesting is not available for anonymous reports.
### Payments
Hackers will be awarded a bounty for each successful retest. Awards for retests will be paid from your bounty pool. If you're using the consumption tier to pay for your bounties, payments for retests will count toward the tier.
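Review bot: The rewritten first **Reject** row (scenario "The hacker says the vulnerability is fixed.") still ends with a doubled period, "previous state..", carried over from the row it replaces; since the line is being touched anyway, drop the extra period so it matches the second **Reject** row. The new table lead-in "If you choose the following actions for the retest:" is also a dangling clause with no main verb, so the reader has to infer that the Details column is the consequence; something like "The outcome depends on the action you choose:" would read as a complete sentence. Last, shortening the Action cells leaves two rows labelled only **Reject** and one labelled **Approve** next to **Approve and resolve**, which are told apart only by the Scenario column; it is worth confirming that these labels match the button text shown in the approval form for each scenario.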
