Practise the standard verbs for writing a clear, actionable bug bounty report.
1 / 5
Fill in: 'We ___ every finding with exact, numbered reproduction steps, since a triager who can't reliably reproduce a report tends to deprioritise it regardless of real severity.'
We 'write up a finding' — the standard, simple collocation for documenting a security vulnerability clearly. The other options are less idiomatic here.
2 / 5
Fill in: 'Submitting a report that just asserts impact without evidence can ___ a genuinely serious vulnerability read as speculative and closed without a proper look.'
We say an unsupported report will 'leave' a real issue dismissed as speculative — the standard, natural collocation for the resulting outcome. The other options aren't idiomatic here.
3 / 5
Fill in: 'We ___ the vulnerability in a fresh, clean environment before submitting, since a bug that only appears on one oddly configured machine isn't yet a confirmed report.'
We 'reproduce a vulnerability' — the standard, simple collocation for confirming a bug behaves consistently before reporting it. The other options are less idiomatic here.
4 / 5
Fill in: 'We ___ the finding against the program's stated scope carefully, since a technically real bug on an out-of-scope asset simply won't be accepted or paid.'
We 'check a finding' — the standard, simple collocation for verifying a report fits a program's defined boundaries. The other options are less idiomatic here.
5 / 5
Fill in: 'We ___ the vulnerability responsibly through the program's private channel, rather than posting details publicly before a fix has actually shipped.'
We 'disclose a vulnerability' — the standard, established collocation for reporting a security issue through proper channels. The other options aren't the recognised term here.