[ortekk]

$0. Their page on Hackerone is a "Vulnerability Disclosure Program", not "Bug Bounty Program".

[miou]

It is possible they received a reward, it just isn't publicized.

"The decision to pay a reward is entirely at our discretion. You must not violate any law. You are responsible for any tax implications or additional restrictions depending on your country and local law. We reserve the right to cancel this program at any time."

(https://www.cloudflare.com/disclosure/)

[lima]

Cloudflare, in some ways, still has a startup mindset when it comes to security and operations (both in good and bad ways).

[swiley]

But they're terminating people's TLS?