No, they're allowed to report vulnerabilities to vendors, just not to third parties.
-
Do HackerOne/Bugcrowd count as vendors or third parties?
-
Vulns are reported to the vendor, never H1. At no point does H1 claim ownership or authority over a vuln report, and any further disclosure must be explicitly performed by finder or vendor. Terms: "HackerOne does not claim any ownership rights in any ... Vulnerability Reports".
-
I’m sort of parsing this as, if it’s going to get fixed, let it get fixed. If it’s going to be used against us, go find your own bugs, if you can.
-
I'm fairly confident it is a strategic move to incentivize the research community to migrate to more lucrative natsec roles. I see it as a simple way to increase capacity. There are complexities involved, but the effects are a huge pay cut + a reason to downsize.
-
Seems pretty typical for them to me, surprised it took this long... given all the bugs Vulcan, Keen, etc. have been dominating and dropping lots of bugs the last 3-4 years.