FAQs

Respect Confidentiality, Disclosure Guidelines and NDAs

Only Use Approved Communication Channels

Be Professional

Follow Local Laws

Respect Live Hacking Event’s Special Rewards and Rules

General Provisions

Definitions

Investigation and Enforcement

If a complaint is received from a customer, team member, another Finder, or if HackerOne observes something that appears to violate the Code of Conduct and/or these RoEs, HackerOne will in all cases:

  • Assume good intent: HackerOne trusts that hackers will want to do the right thing
  • Investigate fully so HackerOne understands what did (and did not) happen. HackerOne will speak to all parties involved, where appropriate, and attempt to provide a neutral viewpoint.
  • Repercussions: If HackerOne determines the Finder has violated the Code of Conduct and/or these RoEs, there will be disciplinary actions depending on the severity and HackerOne’s assessment of intent. Repercussions could include, depending on severity, temporary bans and permanent bans from the event, future live hacking events and/or the platform.

In general, HackerOne will seek to enforce these rules of engagement in accordance with the action guidelines below.

Incident First Offense Escalated Offense Further Escalated Offense
Not Adhering to Live Event's Communication Channels Specific Event Program Ban (1 - all Events) Live Events Temporary Ban (1 - 3 Events) Live Events Permanent Ban
Unprofessional Behavior: Exploiting Live Events Special Rewards and Rules Specific Event Program Ban Live Events Temporary Ban (1 - 3 Events) Live Events Permanent Ban
Inappropriate Interactions with Client's Security Team Specific Event Program Ban Live Events Temporary Ban (1 - 3 Events) Live Events Permanent Ban
Abusive Language & Harassment Live Events Temporary Ban (Time varies based on severity) Live Events Temporary Ban (Time varies based on severity) Live Events Permanent Ban
Breaking the Live Hacking Event's Confidentiality Guidelines Live Events Temporary Ban (1 - 3 Events) Live Events Permanent Ban
Violating NDA Live Events Permanent Ban
Not complying with regions local laws Live Events Permanent Ban
Extortion and Blackmail Live Events Permanent Ban
Unauthorized Impersonation / Social Engineering Live Events Permanent Ban

Please note, however, that HackerOne reserves the right to escalate the severity of enforcement and sanctions in accordance with the nature of the offense and irrespective of previous offenses. Depending upon the severity of the offense, sanctions may include, without limitation, longer temporary bans, immediate removal from HackerOne Clear and HackerOne Clear Programs and/or a permanent ban from the HackerOne Platform.