This seems unnecessarily callous. The writer was incredibly insulting to a person in a public forum, but that's ok because "well they worked for Uber"?
I don't see this discussion as about whether a corporate PR team is allowed to issue a response. It's about the author childishly lashing out at an individual because he didn't agree with their decision.
Irrelevant. If he found these bugs, even if he’s been a dick about it then he still found a bunch of vulnerabilities that Uber was exposed to. Pay the man, it’s a few thousand dollars as opposed to a major exploit!
But that's my point. Of course he deserved a payout if he reported a previously unknown vulnerability. What I'm saying is that he (appears to have) behaved in such a toxic way (sow) that someone denied something he deserved (reap). All parties in this are squishy humans with emotions.
No one looks good - he doesn't look good for how he behaved/communicated, Uber doesn't look good for denying the payout on a valid report, and HackerOne doesn't look good for not enforcing a minimum payout on a valid report.