Report thread overall flow
The report thread serves as the central location for all discussions, updates, and interactions regarding a specific report. It allows for seamless collaboration between the reporter, the organization representative, and the triager.
Overall flow of bug report handling:
The bug report handling process involves several steps to ensure that issues are efficiently resolved and communicated. Here's the typical flow:
Bug Submitted: Status -> Bug Submitted. A user submits a bug report.
Organization User Assigned: Status -> In progress. The report is automatically forwarded to the organization team and an organization user is assigned. The security researcher receives a notification. Once an organization user is assigned, the security researcher may submit a Request Remediation at any point if they feel the communication is not progressing as expected. The Remedy team will then step in to assist.
Organization Reviews the Report: Status -> In progress. The organization user thoroughly reviews the report, assessing its validity and severity. Severity level can be adjusted at this stage if needed. Remedy can still intervene at any point if assistance is required.
Decision: Confirm or Reject
IF CONFIRMED: The organization announces the payout or resolves without payout.
Researcher confirms payout receipt: Status -> In progress
If the researcher disagrees with the payout, they can click "Reject Payout Announcement" and provide a reason: Status -> In progress
Report resolved: Status -> Closed
IF REJECTED: The organization must specify a rejection reason: Spam, Duplicate, Invalid, or Other
Bug Submitted: Status -> Bug Submitted. A user submits a bug report.
Triager Assigned: Status -> In progress. A Remedy triager is assigned to review the report.
Triager Reviews the Report: Status -> In progress. The triager assesses the report's validity and severity.
Organization User Assigned: Status -> In progress. The report is escalated and an organization user takes ownership.
Organization Reviews the Report: Status -> In progress. The organization user thoroughly reviews the report. Severity level can be adjusted if needed. Remedy can intervene at any point if assistance is required.
Decision: Confirm or Reject
IF CONFIRMED: The organization announces the payout or resolves without payout.
Researcher confirms payout receipt -> Status: In Progress
If the researcher disagrees with the payout, they can click "Reject Payout Announcement" and provide a reason -> Status: In Progress
Report resolved -> Status: Closed
IF REJECTED: The organization must specify a rejection reason: Spam, Duplicate, Invalid, or Other (mandatory input) -> Status: Closed
This flow ensures that bug reports are carefully reviewed, confirmed, or rejected based on their validity and severity.
Report thread specific terms
Within the report thread, there are additional important aspects to consider:
Escalation: A triager can transfer a report to an organization without confirming its validity.
Report Cancelation: Security experts can cancel their reports until a triager or an organization user is assigned to them.
Re-open: Organization users and triagers can re-open any closed report except canceled ones.
Request Remediation: Security researchers can request Remedy's intervention at any point after an organization user is assigned, if they feel the communication is not progressing as expected.