With hacker mediation, hackers can request assistance from HackerOne in extreme cases when all normal discussions with the program have been attempted and there has been no satisfactory resolution. Vice versa, programs can also request for mediation when there are issues with hackers.

* A program claims a domain is in scope on their Security Page, then makes a last minute change to pull it out of scope based on your report.

* A program clearly outlines a vulnerability in a particular domain as being worth a minimum bounty, but then awards less than that amount or no bounty at all without providing an explanation.

Requesting hacker mediation triggers the following actions:

1) An email is sent to the program's security team, requesting that they make their best effort to resolve the issue with the hacker within 3 business days.

title: "Hacker Mediation"

path: "/programs/hacker-mediation.html"

id: "programs/hacker-mediation"

With hacker mediation, programs can request assistance from HackerOne in extreme cases when all normal discussions with the hacker have been attempted and there has been no satisfactory resolution. Vice versa, hackers can also request mediation when there are issues with programs.

Hacker mediation requests commonly occur when a hacker's behavior is clearly out of sync with what is outlined on your Security Page. Examples include:

* A hacker responded to a report with inappropriate language.

* A hacker communicates with your program's security engineers using non-official communication channels outside of HackerOne such as personal emails, social media accounts, or other private connections.

* A hacker is found going outside the standard program rules.

* A hacker has requested disclosure on a private program.

* A hacker disclosed a vulnerability for a private program on social media.

In order to request mediation:

1. Open the report you'd like to request HackerOne mediation support for.

2. Scroll to the bottom of the report.

3. Click **Report Abuse**.

4. Select **Request mediation**.

This will trigger a workflow to reach out to both you and the relevant hacker.


Requesting hacker mediation triggers the following actions:

1) An email is sent to the hacker warning them of their behavior, or if the situation warrants a ban, the hacker will be notified that they'll be removed from the program.

2) If the hacker doesn't respond to the security team, or if the situation isn't resolved, HackerOne will evaluate all available information about the vulnerability report, the program that requested mediation, and the hacker to determine the appropriate level of escalation.

While HackerOne can't guarantee resolution or override a security team's assessment, hacker mediation has been used to successfully bring items to the security teams' attention, resulting in a more favorable outcome for everyone involved.

As a reminder, hacker mediation is a privilege that is reserved for hackers with 200 reputations point and signal ≥ 1. In most cases, HackerOne won't be able to mediate for reports that have been closed for over 3 months. Please respect the guidelines above and only request mediation if it's deemed absolutely necessary.

- title: Hacker Mediation

path: /programs/hacker-mediation.html