|
|
|
|
|
|
by radku
69 days ago
|
|
|
This could significantly impact security of large parts of web ecosystem. Perhaps Node.js can switch to a VDP, no-bounty program. From Hacker One: "VDP is designed solely for receiving, validating, and addressing security reports without a paid bounty element" |
|
|
> Security reporting remains unchanged. We still accept and triage vulnerability reports through HackerOne. If you discover a security issue, please continue to report it responsibly.