Silent features


Reports should be clear and should not mislead readers. Be a Vulcan, and be congruent.


Assume that the program owner, developers, and security team members reading the report know only as much about the vulnerability as the report describes. The report should focus deeply on the technical aspects of the vulnerability, so they can do their job well.


This is probably one of the most important features of the report: being respectful to others. Extend that respect to all correspondence as well. We are authentic and do not deceive them in any way.