From c55dd66fcb9da46066da322f26f494a686a1fc5f Mon Sep 17 00:00:00 2001 From: Rafael Gonzaga Date: Thu, 19 Feb 2026 16:27:57 -0300 Subject: [PATCH] Blog: update new HackerOne signal requirements (#8641) --- .../en/blog/announcements/hackerone-signal-requirement.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md b/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md index 34dd19dc1d551..1f2354e29adf1 100644 --- a/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md +++ b/apps/site/pages/en/blog/announcements/hackerone-signal-requirement.md @@ -1,11 +1,15 @@ --- -date: 2026-01-21T12:00:00.000Z +date: 2026-02-19T12:00:00.000Z category: announcements title: New HackerOne Signal Requirement for Vulnerability Reports layout: blog-post author: The Node.js Project --- +**UPDATE 2026-02-19**: New researchers without signal can no longer submit reports through HackerOne. If you are a new researcher and would like to report a potential vulnerability, please reach out to the [Node.js security release stewards](https://github.com/nodejs/node?tab=readme-ov-file#security-release-stewards) through the [OpenJS Foundation Slack](https://slack-invite.openjsf.org/). + +--- + We have updated our [HackerOne program](https://hackerone.com/nodejs) to require a **Signal of 1.0 or higher** to submit vulnerability reports to the Node.js project.