Simply putting my name as HackerOne user does not mean I am bias. Also no, hackerone or Uber none of them paid me to say the comments. If simply putting my points and pointing out the wrong facts will make me look bias…
Also, I wish I am an hackerone employee or work in any of these platforms as an employee. I am simply a hacker and also employee of a company that runs a bbp so I have in both sides and I understand frustration of both…
My username has nothing to do with anything. I simply chose it to hide my identity. I said what I said because I hack multiple programs throughout multiple platforms. These kind of blogs usually give a sense to…
I will not say anything about whether he needs to get paid or not until Uber discloses the report. If he showed that it is a valid xss and not a content injection then I guess it would be valid. But again, right now we…
Alright, I need to make more things clear here because clearly you have no experience on how HackerOne's platform works: 1) Companies have ability to change when the disclosure happens. This is because sometimes, if I…
If you check reports that are actually valid, you can see that Uber actually pays for valid issues. Excluding the 100,000, Uber has already paid 1million+ in bug bounty. Please check their hackerone platform :)
Here is my personal take on this: I have worked personally in numerous occasion with Uber's security team. I have helped them with many security issues and they have always been open to securing vulnerabilities,…
Simply putting my name as HackerOne user does not mean I am bias. Also no, hackerone or Uber none of them paid me to say the comments. If simply putting my points and pointing out the wrong facts will make me look bias…
Also, I wish I am an hackerone employee or work in any of these platforms as an employee. I am simply a hacker and also employee of a company that runs a bbp so I have in both sides and I understand frustration of both…
My username has nothing to do with anything. I simply chose it to hide my identity. I said what I said because I hack multiple programs throughout multiple platforms. These kind of blogs usually give a sense to…
I will not say anything about whether he needs to get paid or not until Uber discloses the report. If he showed that it is a valid xss and not a content injection then I guess it would be valid. But again, right now we…
Alright, I need to make more things clear here because clearly you have no experience on how HackerOne's platform works: 1) Companies have ability to change when the disclosure happens. This is because sometimes, if I…
If you check reports that are actually valid, you can see that Uber actually pays for valid issues. Excluding the 100,000, Uber has already paid 1million+ in bug bounty. Please check their hackerone platform :)
Here is my personal take on this: I have worked personally in numerous occasion with Uber's security team. I have helped them with many security issues and they have always been open to securing vulnerabilities,…