by memesarecool 151 days ago
HackerOne (where cURL hosted their bounty program) tracks the reputation of bounty hunters. I don't understand why they are not taking advantage of this. Make a private program, invite only hackers who have proved themselves by submitting relevant reports.

https://daniel.haxx.se/blog/2025/07/14/death-by-a-thousand-s...

Most of them are new users or will just create a new account if their reputation gets hit.

Say all projects did just that, only allowing reports from proven hackers. How does a new hacker then prove themselves?
I think that hypothetical is too simplistic to accurately frame the situation. We're talking about one of the largest, most widely used libraries in the open source world. At that level, they don't really need unknowns to use their project to "prove themselves"; they can contribute to smaller projects or put their own work out into the world.
Start a lemonade stand?
Find bugs for free at first. Implement negative reputation for BS bugs.