by jtchang 4108 days ago
I'm siding with the vulnerability researcher here. This is ridiculous. The spirit of a bug bounty program is for the company to incentivize a researcher to find bugs and work together to squash them.

Maybe this is more telling of HackerOne as a platform.

2 comments

I think HackerOne as a platform failed here as well. I understand they try to leave themselves out as much as they can and just collect the fees for the bounties paid. But, in cases like this, I feel they should have been a little more proactive about it. I received an email from HackerOne shortly after I wrote this blog saying they will investigate but I haven't heard a word till now. Soon after that, I found out myself that I have been banned from reporting any bugs to Slack without any notification. HackerOne could have at the very least sent me an email out of courtesy but no, never happened. I even sent them a follow-up email asking for clarification but haven't heard a word till date.
The stats are right there on the homepage of HackerOne. $2,36m paid bounties and 7,662 bugs fixed. Sounds like a lot of willing participants.