Pentesters are prohibited from sharing information outside of the specific channels created for the specific Pentest/Program. Specifically created channels include communications within the HackerOne platform and any Pentest- or Program-specific Slack instances.
Pentesters must strictly comply with all confidentiality guidelines, requirements and obligations related to the Pentests/Programs in which they participate. These guidelines apply to vulnerability information, customer information, policy or scope details, bugs, account information, and any other Program-specific information. This also includes information related to the HackerOne Pentest product itself.
If a Program or Pentest requires an additional NDA or other contractual agreement, it is fundamental to respect these signed documents and comply with their requirements. Disclosing information in violation of confidentiality guidelines and/or applicable NDAs/contracts is strictly prohibited. Failing to comply will be a breach of your obligations to the customer and could result in direct action against you.
No disclosure of any vulnerability reports from any HackerOne Pentests may be made without the Customer’s explicit written approval via a communication within the HackerOne platform. This supersedes the standard disclosure process described in the HackerOne Disclosure Guidelines available at https://www.hackerone.com/disclosure-guidelines.
Without limiting any confidentiality obligations you may have under the HackerOne Pentest program, you agree that you may make no disclosure of any HackerOne Pentest Customer’s name without explicit written approval from the customer via in-platform communication.
Specifically, and without limiting the prior statement, you may make no posting on social media regarding any HackerOne Pentest Customer or Pentest and related activities without explicit written permission from the customer. Requests for such permission need to be made in writing via the HackerOne platform.