Code of Conduct

By participating in programs on HackerOne, all Finders agree to help empower our community by following the HackerOne Code of Conduct.

  • No abusive language or harassment: Any form of hate speech, profanity, or threats will not be tolerated. Nor does HackerOne tolerate any discrimination based on age, ethnicity, level of experience, nationality, personal appearance, race, religion, sexual or gender identity and orientation, physical appearance, political beliefs, or other protected classes.
  • Only use official communication channels: Do not use personal emails, social media accounts, or other private connections to contact a member of a security team in regards to vulnerabilities or any program related issues, unless you have been instructed to do so by the program.
  • No reputation farming: Any activity that creates an unfair gain in reputation or bounties is prohibited. This includes the creation of fake programs, collusion with members of a security team, requests for an inappropriate report state (e.g., self-close or Informative), or anything that would be considered an unfair advantage or influence when it comes to determining the bounty or reputation for a report. Request mediation if you do not agree with how a report has been closed.
  • No duplicate account abuse: Using a duplicate account to bypass rate limits, signal requirements, or any other limitation or enforcement placed upon another account is not allowed.
  • No extortion or blackmail: Any attempt to obtain bounties, money or services by coercion is not permitted. Follow the spirit of Do No Harm: If you have information about a potential vulnerability or inadvertently come into possession of private data, please promptly initiate the disclosure process as described above.
  • No unauthorized impersonation: Any unauthorized attempts to socially engineer another party through impersonation of a HackerOne employee, another hacker, or a security team will not be tolerated.

The HackerOne Vulnerability Disclosure Guidelines is enforced in the following manner:

  • If you see something, say something: If you see a user violating these rules, please reach out to our team at “support@hackerone.com” or use the Report Abuse functionality on the report.
  • Three strikes: Any breach of the rules listed above will first result in a written warning from HackerOne. If the negative behavior continues, we will suspend the user's access to the platform for an appropriate period of time. If the behavior remains after the first two measures are taken, HackerOne will issue a permanent platform ban.
  • Zero tolerance: If a user breaks any of our platform’s rules in a particularly egregious manner, HackerOne reserves the right to immediately issue a permanent platform ban.