
From my experience with bug bounties, if it's not on the OWASP Top 10, they'll kick, stamp, scream and fight -- even if you say "I don't want the bounty, I just want this bug fixed".

(backstory: found a bug in Twitter which disclosed DMs. Reported it, Twitter engineer had a raging tantrum on Hackerone, H1 (I assume) mistook his messages for mine and banned me from the site. Found out a mutual was a Twitter engineer, sent him the PoC. A few days later, fixed)



Please don’t abbreviate as H1. It messes up my pronunciation of the Hackerone program. Hackerone rhymes with macaroni.


Much like CoreOS rhymes with Oreos.


I refuse to use H1 because of how hostile they are to security researchers.


That’s so counterproductive it would be funny if it wasn’t so sad.
