|
|
|
|
|
|
by ziml77
1898 days ago
|
|
|
How can they demand that you keep it confidential if they've already declared it to be out-of-scope? People need to start releasing these exploits instead of being a slave because they'd no longer get any payouts from HackerOne. Once the exploits are public, I assure you that either Valve will scramble to fix them or people will start looking for safer alternatives. |
|
|
I have been involved with other bounties on that site in that time, related to other companies & products.
I suspect if I had "broken their (Hackerone) policy" with this issue in that time, there would have been problems receiving a reward from the other bounty programs relating to different companies...
This isn't the only reason I haven't publicised the issue more widely, I've had other things on my plate, but it is a consideration.