by summarite 3350 days ago
Just that they have a name that will immediately be without any trust at any non-tech company. Basically mentioning "hacking" will make any non-technical CEO shiver and call the lawyers.
4 comments

It is unlikely that there is a company in the US that has a security team that hasn't heard of H1. They're kind of a big deal. Since they're the ones handling the first contact in these situations, you can safely let their name be their problem; they know how to explain themselves.

The more realistic concern here is that for these kinds of findings --- CSRFs in random web applications --- there simply isn't going to be a contact at the target company, and H1 isn't going to find one for you. That's why they point out they can't promise a contact.

>It is unlikely that there is a company in the US that has a security team that hasn't heard of H1.

You'd be surprised. HackerOne is relatively new, just several years old. Does everyone know OWASP? Almost certainly yes. Does everyone know the BSides community? No.

Anyway, H1 can act as a shield, in this case. On the other hand, companies like WhiteHat or Rapid7 are probably more well-known since they will probably spam your security team on a regular basis trying to sell their products.

Disagree. Any big company can be sufficiently ignorant, but HackerOne and Marten Mickos both have a brand name associated with them, partially due to their funding: https://www.crunchbase.com/organization/hackerone#/entity

I think the disclosure assistance is a pretty clever idea for generating new sales leads, since by definition they will be talking to companies with an actual zero day situation.

OK, let the lawyers handle it. You don't make progress by catering to other people's ignorance and insecurities.
You are right, that isn't how you make progress: it's how you make money.
The name is not ideal. I've heard a story of it also not being great for employees when talking to customs officers :/

But any person looking at their homepage would be a lot less concerned. Impressive logos and a clear story for an enterprise audience.