HackerOne’s Managed Triage

From what I understand of HackerOne’s managed triage, “Finders” (researchers) submit their findings to HackerOne, whose triagers/analysts review the submissions before the program they are written for ever sees anything. There is a clear potential for conflict and corruption in the system they use, at least as it was described to this site, because the people who get the first glimpse of findings are also bug hunters in their own right, and could theoretically steal the findings or use the findings on other platforms to earn themselves bounties.

https://www.databreaches.net/growing-pains-as-hackerone-has-grown-is-it-harming-what-it-intended-to-help-part-2/