|
|
|
|
|
|
by karma20
2507 days ago
|
|
|
HackerOne is a platform on which Valve runs a public program [1] that awards monetary bounties. I'm confused as to why Valve is allowed to forbid disclosure of "out-of-scope" reports and will only "generally" disclose reports in any case: > Please note that we will not consent to disclose reports if they have been marked out-of-scope or inapplicable, or where Valve has not taken a specific corrective action / mitigation. > Valve embraces transparency in our security. We will generally disclose the details of vulnerabilities found, upon request. [1] https://hackerone.com/valve |
|
|