Submitting Reports

You can submit your found vulnerabilities to programs by submitting reports.

In order to submit reports:

1. Go to a program’s profile page.

2. Click the green Submit Report button.

3. Select the asset type of the vulnerability on the Submit Vulnerability Report form.

4. Select the Bug type of potential issue you’ve discovered.

5. Select the threat level of the vulnerability. You can use the CVSS calculator to determine the severity.

   Note: The Common Vulnerability Scoring System (CVSS) is an open framework for communicating the characteristics and severity of software vulnerabilities. The CVSS calculator is implements the formula defined in the CVSS version 3.0 standard.

6. Write up your report description. State:

   • Provide a suitable report title.

   • A generic overview of the vulnerability.

   • The steps to reproduce the vulnerability.

   • What kind of impact can make if the vulnerability exploited.

7. (Optional) Attach additional files related to the report

8. Click Submit Report button.

   • After you’ve submitted your report, you must wait for programs to respond to your submission.