Comment by addandsubtract

3 years ago

HackerOne should require companies to put down 10-100k in an escrow account that can be used to pay out security researchers at the discretion of HackerOne. Allowing companies to decide when and if a bounty is paid out doesn't make any sense in this case.

Companies just don't use HackerOne in that case, and HackerOne is dead, which is why they are beholden to the companies in question.