Scope Management Workflow
2023 | User Research, Interaction design and Prototyping
Overview
HackerOne is a security platform that connects businesses with ethical hackers. It helps organizations identify and resolve critical system vulnerabilities before they can be exploited or fall prey to cyber-attacks. One of the core features of the platform is the ability for organizations to create and manage bug bounty programs. A bug bounty program is a deal offered by organizations by which hackers can receive compensation for reporting a vulnerability or a bug.
Each program has specified which software, websites, or applications that are eligible for testing. These are called assets.
Context
I joined this project immediately after the launch of a new product that was the outcome of a shift in the business model. This shift was intended not only to unify all the products under one umbrella but also to centralize the organization's assets in a single location for distribution across various product areas.
These changes impacted the way users manage their programs in the platform because it introduced a completely new workflow which resulted in a high number of complaints and escalations.
Diving into user problems
I took this opportunity to dive into the feedback that we were receiving and also to sit with users to observe how they were interacting with the system.
Finding 1
I identified 2 different use cases. 80% of our customers only had 1 or 2 programs to manage. While the remaining 20%,(mainly large enterprise customers) had more programs to manage with a high number of assets. The new workflow that was introduced mainly benefited these 20% of customers, leaving the majority of customers very frustrated.
Finding 2
In the past customers used to manage their programs inside the program’s setting page. Now they had to perform these tasks inside the centralized place (Asset inventory), which meant they had to switch back and forward between two different contexts. This context switching made this task flow much more time-consuming because not only added a lot more clicks but also users would have to recall where the new location was.
Finding 3
The new workflow had a lot of usability issues such as pointing users to a dead end leaving them without knowing where to go next, bad use of terminology, and contextual actions were missing in certain areas.
First step: Manage the scope inside the programs
To better understand, let's use the example of a fusebox that controls and distributes electricity in your home. It also allows you to manage appliances in all rooms by turning them on or off from a single location in case of an emergency.
Now imagine if you could only turn the lights in your bedroom on or off from the fusebox. You would have to go to the fusebox every time you wanted to turn off the light in your room. Wouldn’t that be annoying?
The idea to let users manage their assets (appliances) from a centralized place (fuse box) makes sense, and actually, it can be very useful in some instances. But for the majority of the time you want to be able to do it from the context of your program (room).
So the solution for this problem was to let users manage the scope of the program when inside the program and allow them to still choose what assets to use from the inventory. This would massively reduce the time spent, especially for customers who spend most of their time managing one single program and still allow them to keep their assets in a centralized place.
Second step: Fix asset inventory's usability issues
I identified a few areas to improve for the new workflow where users could manage their assets and programs from the asset inventory.
Task flow: Create and add a new asset to a program
Problem: After creating the asset, the modal would close, and users would have to find the created asset within the list of all the assets.
Solution: While creating do not reveal all the options at once, so give users control over when and if they need content. Additionally allows users to open the ‘add to program’ modal directly after creating an asset.
Task flow: Adding existent assets to a program
Problems 1: The action used to be called 'add to scope' which left users unsure of what the button would do. In some cases when users wanted to add an 'out of scope' asset to a program they would have to click the ‘add to scope’ button, which was counterintuitive.
“To mark something as out of scope, you have to go through the add asset, which is non-intuitive to people.”
Solution: Keep the language simple and to the point so users what the result of their action is going to be.
Task flow: Editing scope details of an asset
Problem: Editing the scope details implied a lot of clicks and users were not sure which direction to take. his left users lost and frustrated because they couldn’t complete the necessary tasks.
Solution: Provide contextual actions on the asset view.
Closing offs
Constantly sharing the findings from user research helped the team to understand and empathize with the struggles that users go through. This approach also helped to get buy-in from the team to focus on usability issues.
These improvements went live in stages so we could use live data to do further refinements in the flow. We started monitoring the usage of scope management from the different areas in the platform (inside program vs asset inventory) so we could understand how much impact we added in conversion.