告诉HN:HackerOne上的互联网漏洞赏金计划(IBB)似乎已经停止运作,CVE补偿未支付。
我觉得这里可能是询问/提出这个问题的好地方。
这是关于IBB项目的:
https://hackerone.com/ibb
几个月前,我报告了两个漏洞,应该能获得大约8000美元的奖励。它们已经获得了CVE编号,并在几个月前被修复。
看起来这个项目已经停止运作。最后一份报告是在8个月前解决的。我多次尝试通过不同渠道联系HackerOne,但没有得到任何回应。这包括给官方IBB邮箱发邮件,直接给HackerOne的工作人员发邮件,通过他们的表单联系以及使用调解服务。完全没有回应。
我在社交媒体上搜索了相关信息,但没有看到任何沟通。
看起来这个项目已经停止运作。赏金仍在承诺中,但报告却被忽视——即使是那些根据规则明显符合奖励条件的已发布CVE。
有没有人知道更多关于这个情况的信息?我们该怎么做?这个项目真的停止了吗?
查看原文
I figured out this might be a good place to ask/raise this.<p>This is about the IBB program:<p>https://hackerone.com/ibb<p>A few months back, I reported two vulnerabilities that should get a $8000 payout or so. They got CVE numbers and got fixed months back.<p>It seems like the program is dead. Last report has been resolved 8 months ago. I have tried repeatedly to contact HackerOne through different channels, but got no response. This includes e-mailing the official IBB e-mail, e-mailing HackerOne people directly, reaching out through their forms and using mediation. There's total silence.<p>I searched social media for any mentions of this, but didn't see any communications.<p>It looks like the program is dead. The bounties are still being promised, but the reports are ignored - even for published CVE's that clearly do qualify for payouts according to the rules.<p>Does anyone know more about the situation? What shall be done here? Is the program dead?