I dealt with a HackerOne issue from the company side where the HackerOne participant was constantly violating HackerOne’s own rules: Breaking disclosure timelines, posting false social media statements about the bug, and even threatening our employees.
HackerOne didn’t care. No matter how many times we pointed out the person was violating their own rules, they claimed they couldn’t do anything.
It felt like a company that had been built up to steady state operations, then stripped down to a bare minimum operating crew where questions were answered by powerless support people.
This was a while ago. Maybe things have changed, but that was my impression at the time.
HackerOne didn’t care. No matter how many times we pointed out the person was violating their own rules, they claimed they couldn’t do anything.
It felt like a company that had been built up to steady state operations, then stripped down to a bare minimum operating crew where questions were answered by powerless support people.
This was a while ago. Maybe things have changed, but that was my impression at the time.