[morganvachon]

My firing-from-the-hip response is that HackerOne is possibly making more bank from Uber and other big corporate clients in the short term than they would from building an established userbase, and they are going to cash out and dump the project soon. Corporations get what they wanted (effectively free quality pentesting), and HackerOne can run the narrative that it was a "foolish venture" all the way to the bank.

But, I'm probably wrong; the company seems to be well financed and has attracted a ton of clients that would be pissed if their investments were to disappear like that. Maybe it's just growing pains combined with fear of pissing off bad actors like Uber. They supposedly have nearly 100,000 active pentesters contracted, so they can stand to lose a little face to keep Uber happy.