It sounds to me like a good reason not to use HackerOne to run your bug disclosure program. Frankly, having been a PSIRT member myself, I'd be very leery of using HackerOne.
The Register 
Biting the hand that feeds IT
About Us
Our Websites
Copyright. All rights reserved © 1998–2023
