ARTICLE

The Psychology of Report/Issue Templates

by | Thu 1 Sep 2016

This week HackerOne, who I have been working with recently, landed Report Templates.

In a nutshell, a report template is a configurable chunk of text that can be pre-loaded into the vulnerability submission form instead of a blank white box. For example:

96ba76fdc5f74c773902b8b975ea161326a72ffc_original

The goal of a report template is two-fold. Firstly, it helps security teams to think about what specific pieces of information they require in a vulnerability report. Secondly, it provides a useful way of ensuring a hacker provides all of these different pieces of information when they submit a report.

While a simple feature, this should improve the overall quality of reports submitted to HackerOne customers, improve the success of hackers by ensuring their vulnerability reports match the needs of their security teams, and result in overall better quality engagement in the platform.

Similar kinds of templates can be seen in platforms such as Discourse, GitLab, GitHub, and elsewhere. While a simple feature, there are some subtle underlying psychological components that I thought could be interesting to share.

The Psychology Behind the Template

When I started working with HackerOne the first piece of work I did was to (a) understand the needs/concerns of hackers and customers and then based on this, (b) perform a rigorous assessment of the typical community workflow to ensure that it mapped to these requirements. My view is simple: if you don’t have simple and effective workflow, it doesn’t matter how much outreach you do, people will get confused and give up.

This view fits into a wider narrative that has accompanied my work over the years that at the core of great community leadership is intentionally influencing the behavior we want to see in our community participants.

When I started talking to the HackerOne team about Report Templates (an idea that had already been bounced around), building this intentional influence was my core strategic goal. Customers on HackerOne clearly want high quality reports. Low quality reports suck up their team’s time, compromise the value of the platform, and divert resources from other areas. Similarly, hackers should be set up for success. A core metric for a hacker is Signal, and signal threshold is a metric for many of the private programs that operate on HackerOne.

In my mind Report Templates were a logical areas to focus on for a few reasons.

Firstly, as with almost everything in life, the root of most problems are misaligned expectations. Think about spats with your boss/spouse, frustrations with your cable company, and other annoyances as as examples of this.

A template provides an explicit tool for the security team to state exactly what they need. This reduces ambiguity, which in turn reduces uncertainty, which has proven to be a psychological blocker, and particularly dangerous on communities.

There has also been some interesting research into temptation and one of the findings has been that people often make irrational choices when they are in a state of temptation or arousal. Thus, when people are in a state of temptation, it is critical for us to build systems that can responsibility deliver positive results for them. Otherwise, people feel tempted, initiate an action, do not receive the rewards they expected (e.g. validation/money in this case), and then feel discomfort at the outcome.

Every platform plays to this temptation desire. Whether it is being tempted to buy something on Amazon, temptation to download and try a new version of Ubuntu, temptation to respond to that annoying political post from your Aunt on Facebook, or a temptation to submit a vulnerability report in HackerOne, we need to make sure the results of the action, at this most delicate moment, are indeed positive.

Report Templates (or Issue/Post Templates in other platforms) play this important role. They are triggered at the moment the user decides to act. If we simply give the user a blank white box to type into, we run the risk of that temptation not resulting in said suitable reward. Thus, the Report Template greases the wheels, particularly within the expectations-setting piece I outlined above.

Finally, and as relates to temptation, I have become a strong believer in influencing behavioral patterns at the point of action. In other words, when someone decides to do something, it is better to tune that moment to influence the behavior you want rather than try to prime people to make a sensible decision before they do so.

In the Report Templates example, we could have alternatively written oodles and oodles of documentation, provided training, delivered webinars/seminars and other content to encourage hackers to write great reports. There is though no guarantee that this would have influenced their behavior. With a Report Template though, because it is presented at the point of action (and temptation) it means that we can influence the right kind of behavior at the right time. This generally delivers better results.

This is why I love what I do for a living. There are so many fascinating underlying attributes, patterns, and factors that we can learn from and harness. When we do it well, we create rewarding, successful, impactful communities. While the Report Templates feature may be a small piece of this jigsaw, it, combined with similar efforts can join together to create a pretty rewarding picture.

An invitation-only accelerator that develops industry-leading community engagement and growth via personalized training, coaching, and accountability...all tailored to your company's needs.

Want to read some more?

Community Strategy & Management with CRM Tools

Community Strategy & Management with CRM Tools

I once sat down with a fellow community manager who told me, "The tools you use can make or break your community strategy." And she was spot on. Community management isn't just a buzzword; it's an art form that requires the right blend of technology, strategy, and...

Decoding Community Metrics: Data-Driven Growth Strategies

Decoding Community Metrics: Data-Driven Growth Strategies

In the bustling tech landscape, where buzzwords flutter like a swarm of bees, a few terms stand out not just for their buzz but for their genuine impact: "Community Metrics" tops that list. But why zero in on these metrics? They're the compass that guides your...

Online & Open Source Community Management: Simplified Strategies

Online & Open Source Community Management: Simplified Strategies

Ever caught yourself overwhelmed by a seemingly insurmountable pile of tasks? You're not alone. In the demanding worlds of DevRel and open source community management, stress and the nagging doubts of imposter syndrome can frequently surface. However, it's crucial to...

Rethinking Online Events: Beyond Boring Webinars

Rethinking Online Events: Beyond Boring Webinars

Remember that time you found yourself stuck in yet another lifeless webinar, counting down the minutes until you could escape? We've all been there. But what if online events could be different? What if they could be so engaging and interactive that attendees leave...