Code of Conduct

By participating in programs on HackerOne, all Finders agree to help empower our community by following the HackerOne Code of Conduct (CoC). The CoC is in addition to the General Terms and Conditions and Finder Terms and Conditions that all Finders must agree to when creating an account.

Behave professionally
Do not disclose private program details
Only contact security teams through approved channels
No unsafe testing / service degradation
No abusive language
No duplicate account abuse or reputation farming
No misuse or theft of intellectual property
Do not disclose report information, confidential information or personal data without express written authorization
No extortion or blackmail
No unauthorized impersonation / social engineering
The use of illegal or counterfeit software is not allowed
Code of Conduct definitions

Enforcement Actions

The HackerOne Finder Code of Conduct is enforced in accordance with the action guidelines below.

Please note that HackerOne reserves the right to escalate the severity of enforcement and sanctions in accordance with the nature of the offense and irrespective of previous offenses. Depending upon the severity of the offense, sanctions may include, without limitation, longer temporary bans, immediate removal from HackerOne Clear and HackerOne Clear Programs and/or a permanent ban from the HackerOne Platform.

| Incident | First Offense | Second Offense | Third Offense | Fourth Offense | Fifth Offense |
| --- | --- | --- | --- | --- | --- |
| Unprofessional Behavior | Warning | Second Warning | Final Warning | Temporary Ban (2-4 weeks) | Permanent Ban |
| Discussing Private Program Details | Warning | Second Warning | Final Warning | Temporary Ban (2-4 weeks) | Permanent Ban |
| Discussing report Info or PII Without Approval | Final Warning / Program Ban | Temporary Ban (2-4 Weeks) | Temporary Ban (3 months) | Permanent Ban | |
| Contacting the Security team out-of-band | Final Warning / Program Ban | Temporary Ban (2-4 Weeks) | Temporary Ban (3 months) | Permanent Ban | |
| Service Degradation / Unsafe Testing | Final Warning / Program Ban | Temporary Ban (2-4 Weeks) | Temporary Ban (3 months) | Permanent Ban | |
| Abusive language or harassment | Final Warning / Program Ban | Temporary Ban (2-4 Weeks) | Temporary Ban (3 months) | Permanent Ban | |
| Reputation Farming | Final Warning / Program Ban* | Temporary Ban (2-4 Weeks) | Permanent Ban | | |
| Extortion and Blackmail | Permanent Ban | | | | |
| Unauthorized impersonation / Social Engineering | Permanent Ban | | | | |

Statutory timeline of warnings: When a warning is issued in accordance with this Code of Conduct, HackerOne considers that warning to be applicable for 12 months. Warnings which are over 12 months old expire and are not typically assessed when reviewing the severity of new warnings.

See something, say something: If you see another Finder violating these rules, please reach out to our team at support@hackerone.com, or, if you need help on a report of your own, you can request mediation directly in the platform on the report in question.