Bug Bounty Triage — Styleguide

Internal · v0.1

Color tokens

#0b0f17

surface

#111827

surface-2

#1a2233

border

#344256

accent

#5b8def

text

#e6edf6

Severity scale

critical

#e5484d

high

#f29133

medium

#e9c46a

low

#65a7e9

info

#8b96ad

success

#3ec28f

Type ramp

DisplayTriage with rigor.40 / 700 / -0.02em

H1Validated reports awaiting payout28 / 700

H2Open Critical: 2 reports older than 14 days22 / 600

H3Reproduction steps18 / 600

H4Suggested duplicates (3)15 / 600

BodyA clear summary of the issue, in plain prose, with no marketing language.14 / 400

Body smallMeta information, captions, helper text.13 / 400

MonoCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N13 / mono

Spacing scale

Buttons

Form controls

Report title

Affected asset

Internal notes

Checkboxes

Reproducible

Requires authentication

Severity band

Critical

High

Medium

Researcher visibility

Visible on hall of fame

Public disclosure

Badges

Critical 9.4 High 7.8 Medium 5.3 Low 3.1 Informational Triaging Needs info Paid

Alerts & toast

3 reports awaiting your decision.

Median age 4 days — within SLA.

SLA at risk.

2 Critical reports older than 10 days.

Payout marked paid.

Reference TX-44912 recorded; researcher notified.

Report #482 moved to Validated

Card

Report #482

High 7.8

Stored XSS in profile bio · app.example.com

Submitted by @lyra-h · 3 days ago · 2 attachments

Researcher · @lyra-h

Top 5

17 reports validated · $14,300 earned

Severity mix: 3 7 5 2

Disclosure draft

Embargoed

Publishes Jun 14 · Coordinated with @lyra-h

Table

#	Title	Severity	State	Age	Owner	Payout
482	Stored XSS in profile bio	High 7.8	Triaging	3d	Priya	$2,500
479	SSRF via webhook builder	Critical 9.4	Validated	5d	Marc	$8,000
471	Open redirect on auth callback	Low 3.1	Duplicate	8d	—	—
468	IDOR on team invite endpoint	Medium 5.3	Paid	12d	Marc	$1,200

Empty state

Inbox clear

No reports awaiting your decision. Median triage age this week: 2.1 days.

Chrome convention

Every mockup ships a dark-navy top-nav with the same brand mark, the same primary links (Dashboard · Queue · Reports · Hall of fame · Submit), and a sub-header band carrying breadcrumbs, page title, and action buttons. Mobile collapses the primary nav into a hamburger drawer. The same canonical chrome is wired across all five screens.

Primary actions (Submit / Validate / Pay out / Reject / Archive) open modals on click. Queue rows open a report-detail modal. No modal auto-opens on load.