告诉 HN:HackerOne 上的互联网漏洞赏金计划 (IBB) 似乎已停摆,CVE 赏金未支付

4作者: irke8826 个月前
我想这里或许是提问/反馈的好地方。<p>这与 IBB 项目有关:<p>https://hackerone.com/ibb<p>几个月前,我报告了两个漏洞,应该能获得大约 8000 美元的奖励。它们都获得了 CVE 编号,并且几个月前就已经修复了。<p>但这个项目似乎已经停滞了。最近的报告是在 8 个月前解决的。我多次尝试通过不同的渠道联系 HackerOne,但没有收到任何回复。这包括向官方 IBB 邮箱发送邮件、直接向 HackerOne 的工作人员发送邮件、通过他们的表格联系以及使用调解。完全没有回应。<p>我在社交媒体上搜索了相关信息,但没有看到任何沟通。<p>看起来这个项目已经死了。赏金仍然被承诺着,但报告却被忽略了——即使是那些已经发布了 CVE 编号的报告,根据规则,这些报告显然是符合奖励条件的。<p>有人知道更多关于这种情况的信息吗?应该怎么做?这个项目已经死了吗?
查看原文
I figured out this might be a good place to ask&#x2F;raise this.<p>This is about the IBB program:<p>https:&#x2F;&#x2F;hackerone.com&#x2F;ibb<p>A few months back, I reported two vulnerabilities that should get a $8000 payout or so. They got CVE numbers and got fixed months back.<p>It seems like the program is dead. Last report has been resolved 8 months ago. I have tried repeatedly to contact HackerOne through different channels, but got no response. This includes e-mailing the official IBB e-mail, e-mailing HackerOne people directly, reaching out through their forms and using mediation. There&#x27;s total silence.<p>I searched social media for any mentions of this, but didn&#x27;t see any communications.<p>It looks like the program is dead. The bounties are still being promised, but the reports are ignored - even for published CVE&#x27;s that clearly do qualify for payouts according to the rules.<p>Does anyone know more about the situation? What shall be done here? Is the program dead?