FAQs

Behave professionally

Do not disclose private program details

Only contact security teams through approved channels

No unsafe testing / service degradation

No abusive language

No duplicate account abuse or reputation farming

No misuse or theft of intellectual property

Do not disclose report information, Confidential Information or Personal Data without express written authorization

No extortion or blackmail

No unauthorized impersonation / social engineering

The use of illegal or counterfeit software is not allowed

Code of Conduct Definitions

Enforcement Actions

The HackerOne Finder Code of Conduct is enforced in accordance with the action guidelines below.

Please note that HackerOne reserves the right to escalate the severity of enforcement and sanctions in accordance with the nature of the offense and irrespective of previous offenses. Depending upon the severity of the offense, sanctions may include, without limitation, longer temporary bans, immediate removal from HackerOne Clear and HackerOne Clear Programs and/or a permanent ban from the HackerOne Platform.

Incident First Offense Second Offense Third Offense Fourth Offense Fifth Offense
Unprofessional Behavior Warning Second Warning Final Warning Temporary Ban (2-4 weeks) Permanent Ban
Discussing Private Program Details Warning Second Warning Final Warning Temporary Ban (2-4 weeks) Permanent Ban
Discussing report Info or PII Without Approval Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Contacting the Security team out-of-band Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Service Degradation / Unsafe Testing Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Abusive language or harassment Final Warning / Program Ban Temporary Ban (2-4 Weeks) Temporary Ban (3 months) Permanent Ban
Reputation Farming Final Warning / Program Ban* Temporary Ban (2-4 Weeks) Permanent Ban
Extortion and Blackmail Permanent Ban
Unauthorized impersonation / Social Engineering Permanent Ban

Statutory timeline of warnings: When a warning is issued in accordance with this Code of Conduct, HackerOne considers that warning to be applicable for 12 months. Warnings which are over 12 months old expire and are not typically assessed when reviewing the severity of new warnings.

See something, say something: If you see another Finder violating these rules, please reach out to our team at “support@hackerone.com” or if you are needing help on a report of your own, you can request mediation directly in the platform on the report in question.