zlacker

1. thauma+(OP) 2025-06-24 18:53:56
> Their success rate on HackerOne seems widely varying.

Some of that is likely down to company policies; Snapchat's policy, for example, is that nothing is ever marked invalid.

replies(1): >>jamess+21
2. jamess+21 2025-06-24 18:57:53
>>thauma+(OP)
Yes, I'm sure anyone with more HackerOne experience can give specifics on the companies' policies. For now, those are the most objective measures of quality we have on the reports.
replies(1): >>moyix+E3
3. moyix+E3 2025-06-24 19:09:24
>>jamess+21
This is discussed in the post – many came down to individual programs' policies e.g. not accepting the vulnerability if it was in a 3rd party product they used (but still hosted by them), duplicates (another researcher reported the same vuln at the same time; not really any way to avoid this), or not accepting some classes of vuln like cache poisoning.