Child pages
  • Let's use HackerOne service
Skip to end of metadata
Go to start of metadata

I've discovered a service called HackerOne (see https://hackerone.com), that is used by Phabricator and other companies as a platform for reporting potential security-related issues within an application.

Benefits

  • users of that website have security-related knowledge (no need to search for such people to test In-Portal)
  • it's free to use, but once we confirm the reported issue to be a security issue we must pay some money to reporter and HackerOne will get 20% of that money
  • amount of money (reward) we pay is up to us, but for example Phabricator guys pay more the more impact the issue has on Phabricator users

 

Dmitry Andrejev [Intechnic], if you agree with my proposal, then let's talk about this over Skype and setup a team account in there.