Making Things Right
Did you know HackerOne has had a Make It Right fund for years?
Often, programs and hackers come to agreeable solutions on reports according to industry standards. Sometimes, however, there are cases where HackerOne believes a hacker's submission has been treated unfairly by a customer after mediation is requested. We want to ensure we award hackers for their efforts in cases where a finding has provided substantial value.
What is the Make it Right fund?
There may be cases where we believe there's a mishandling of a hacker's submission. We want to ensure hackers receive an award for their efforts in such cases. That is what the "Make It Right" fund is all about.
If an extensive backend review concludes that HackerOne disagrees with the program's report decision, we can award the hacker a discretionary bonus from the Make It Right fund.
Why do we have a Make It Right fund?
- We want to make sure that hackers are paid fairly for reports providing value to a program
- We want to build trust between HackerOne and the hacking community.
When do we consider Make It Right?
- We messed up!
- A miscommunication with a program team has occurred, or a program makes a decision contrary to industry standards. Make It Right is considered if we have unsuccessfully engaged a program with bug bounty best practices.
So how does it work?
- Members of HackerOne submit recommendations for Make It Right consideration
- We complete extensive backend reviews of the account and any relevant reports by stakeholders across the HackerOne organization
- Each week a committee comprised of various departmental stakeholders meets to discuss any candidates for Make It Right bonuses
- We vote on eligible candidates
- If approved, the Make It Right bonus moves to our Finance team.
- Mediation informs the recipient of the Make It Right fund award 🎉
We want to commit to transparency regarding our processes for considering Make It Right cases, both internally and externally, which we hope we have allowed for in this blog post. Every case considered for Make It Right is an opportunity for us to learn and improve our services as a platform, whether that is updates to documentation, program education, or other initiatives.
The bottom line is we are all here for similar reasons - to make the internet a safer place, but also to make it rain bounties! Feel free to request mediation if you feel your report qualifies (More on how to request Mediation here).
We are here and EAGER to help.