undefined | Better HN

0 pointspedroaraujo7y ago0 comments

There are rules for bug bounty programs: - https://hackerone.com/keybase

0 comments

3 comments · 1 top-level

hjek7y ago· 2 in thread

Which one of those "outside the scope" categories would you say this one falls into then?

To me it reads like there's nothing preventing this bug report from deserving a bounty.

None of these bullets are “open and shut cases”, but all are related without needing a major leap, especially the first one.

* Content spoofing / text injection

* Issues related to software or protocols not under Keybase control

* Reports of spam

* Vulnerabilities affecting users of outdated or unpatched browsers and platforms

Do I agree with their (alleged) actions? NO! But as I know several folks at Keybase personally, I’m sure there’s another side to this story and I’m willing to give them some benefit to the doubt until I hear otherwise.

daveFNbuck7y ago

If this vulnerability can fit those 4 categories, what kind of vulnerability would you be confident would qualify for the bounty?

1 more reply

j / k navigate · click thread line to collapse