by Kudos 4520 days ago
In his earlier work at least, he's seemed like a loose cannon.
5 comments

I don't think that is a fair assessment of him, even then.

In any case, I hired him fairly recently for a security audit and he worked quickly, and was very effective (he found several important vulnerabilities and reported them in a crystal clear manner). He was also a pleasure to deal with (no-bullshit stance, something I find enjoyable).

The 4000 USD for ~20 hours of work were definitely well spent!

The parent was asking why Github haven't hired him, not why nobody has hired him. If you remember, Github actually banned him for hacking the Rails account in his pentesting.
There were 2 or 3 cases I regret. The rest of my work is alright and responsible, no?
Yeah, the first Github and Rails exploit is the one that still sticks out in my mind. That kind of thing can be hard to shake, but it helps that you were quite young at the time. I'm happy to see you've matured a lot since then.
He was also very young then, I believe; now he's realised he can make a lot of money by acting cool and professional, so he does.
And that could be why he might now be considered, but why he wasn't before.
I think his behaviour was commendable - he tried many, many times to warn, going to multiple people and projects, but they all ignored him - they were too busy being Gem-installing Ruby hipster Brogrammers to consider security, and it bit them hard in the backside.
I'm incredibly interested in angling my career towards security and have no real experience.

Wouldn't it also be wise to keep people like him 'out of the loop'? I imagine it's much harder to audit when they have access to internal code/architecture that would be difficult for an outsider to stumble upon.