Sometimes information is available, but not exactly easy to find. This should never be the case for a Security Team's policy.
Today, we are launching Policy Version Browsing. On every single Security Team page, you will now be able to see when the policy was last changed, and you will be able to click through to see all policy changes for the program.
Click 'View changes' to show the different policies the team has had
You can see that HackerOne does not accept reports related to missing API rate limiting on
api.hackerone.com. If you click through our policy versions, you can see that we added this exclusion to our policy on June 2nd at 16:28 UTC. Check out change 2858720:
If you have any feedback, we'd love to hear from you. You can always reach us at firstname.lastname@example.org.
HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited. As the contemporary alternative to traditional penetration testing, our bug bounty program solutions encompass vulnerability assessment, crowdsourced testing and responsible disclosure management. Discover more about our security testing solutions or Contact Us today.