Let's use HackerOne service

I've discovered a service called HackerOne (see https://hackerone.com), which is used by Phabricator and other companies as a platform for reporting potential security-related issues within an application.

Benefits

  • users of that website have security-related knowledge (no need to search for such people to test In-Portal)

  • it's free to use, but once we confirm the reported issue to be a security issue, we must pay some money to the reporter, and HackerOne will get 20% of that money

  • the amount of money (reward) we pay is up to us, but, for example, the Phabricator guys pay more the more impact the issue has on Phabricator users

@Dmitry Andrejev, if you agree with my proposal, then let's talk about this over Skype and set up a team account there.