Hacker News

Hackerone has non-technical people screening your exploits. They will often mark them as out of scope.

Companies will routinely downgrade the severity of your exploit so they can pay you less.



I've had enough repeated bad interactions through Hackerone that I will go full disclosure on any company that offers it as the only disclosure channel.

(If Hackerone wants to fix that: enable easy, on-platform disclosure unconditionally after 30 days. Right now, the platform is just used to pressure people into delaying disclosure or not disclosing at all.)



