🔶Bug Bounty Finding status

Below you can find a list with all the finding statuses used for bug bounty programs.

Finding Status
Explanation

New

Once a finding is submitted by the security researcher, it will be labelled as new by default.

In Review

The finding has been triaged and is currently being evaluated, either by the triage team or in collaboration with the client, to determine its validity and next steps.

Rejected

Upon review, if the finding does not meet the criteria or is deemed invalid, the triager or client will mark it as rejected.

Duplicate

A finding is marked as duplicate when it's the same issue reported by someone else. Duplicates are not rewarded in Bug Bounty programs.

Confirmed

When the finding is valid, it will be labelled as confirmed.

Spam

When a finding is marked as spam, it typically refers to the issue reported being irrelevant, low-quality, automated and inappropriate. Both the triagers and the client can mark this status for findings.

Withdrawn

If the researcher submits an issue and decides to withdraw it for any reason, the finding will be labelled as "Withdrawn".


Last updated