by amjo324 3677 days ago
This is one of those cases where it's the responsibility of the bug bounty platform operator (HackerOne) to ensure that its customer (PornHub) deals appropriately with bug bounty participants. If PornHub doesn't offer a clear scope and fair reward for effort, penetration testers may be disillusioned with the HackerOne brand also and choose not to partake in other bug bounty programs it oversees. And of course the platform cannot thrive without a large number of skilled and active testers.

"PornHub penetration tester" would look... interesting on a resume.
Once you have worked as a dev for at least one porno company you are pretty much pigeonholed in the industry.
And that means you have to use PHP forever.
This is so true. I work for a large social network and we recently got an email from an employee of a particular porn streaming company. They wanted to implement this new web compression protocol/algorithm into their systems and they had heard that we were doing the same.

Our solution involved writing Apache Traffic Server plugins and achieving high throughput. Their solution involved using PHP to execute the demo CLI tool that came with the library and pass it the content they wanted to encode.

We interviewed a candidate who previously worked for sugardaddie.com. It was definitely an interesting conversation but I think yours would take the cake. :)
64th largest site in the world. Not sure I would want to work for someone writing me off 'cause of a name.
Yeah, that's too hard to top. I could only tweak it with PornHub penetration "expert" or "professional." I imagine the phrase protection would be avoided over security in that company given it has dual-meaning there. Wouldn't want people to think I dispensed... commodities... all day long. ;)
Exactly. Even more, it would be great publicity, at least to pentesters, if HackerOne would investigate one of these reports and publicly reprimand or even disqualify a site like PornHub.

But pentesters are not the ones paying for a HackerOne listing, those would be the companies, and perhaps the companies might not be so happy if HackerOne would publicly shame some of them.