I'm really worried about the direction bug bounty platforms like @Hacker0x01 are taking, I feel their behavior is getting more and more shady https://amonitoring.ru/article/steamclient-0day/ …
what happened here is that someone reported a valid and severe privsec escalation for windows with steam. but valve's program rules basically exclude such vulns.
but then H1 said the reporter is not allowed to disclose the vuln. like... H1 uses its ToS to try to silence researchers into not talking about valid security issues that companies don't want to fix.
Replying to @hanno @Hacker0x01
Indeed. I see nothing stopping certain software vendors from using HackerOne as a means to make vulnerabilities "go away", assuming that the vul reporters choose to follow the policies.
6:16 AM - 9 Aug 2019