| Alright, I need to make more things clear here because clearly you have no experience on how HackerOne's platform works: 1) Companies have ability to change when the disclosure happens. This is because sometimes, if I find a RCE lets say, companies have to run incident response. This sometimes take more than 30 days. Also to add, if I just request disclosure for any BS report then it will just cluster the disclosure page with no valuable information for new hackers. 2) I haven't seen reports getting locked unless reporter goes "Can i haz update" every 2 days. Then in such cases, Locking a report is more than fair. 3) You might be confusing this with Limited Disclosure. That is allowed in both sense by companies and hackers. Most of my reports are limited disclosure because sometimes, I have to share personal details or personal information that I don't want other hackers to see. I support transparency that is why, till this day, all of my resolved reports for public programs are publicly disclosed. Even in Uber's case, I have disclosed bug but they were limited disclosure because it had my personal information. But if you check, Uber has allowed me to write public blogs on my reports. So please, learn about the platform and a program works before you make any form of assumption. |
Welcome to Hacker News, I see it’s your first time visiting.