Quantopian is excited by the amount of interest that security researchers are showing in helping us identify issues with our platform, as a result of the launch of our public HackerOne bug-bounty program. We've been running a successful private bounty program on HackerOne for about a year and a half now. Taking our program to the next level by making it public will help us to keep our application, and our members' data, secure.
We enthusiastically welcome all the researchers who are helping to test Quantopian. Having said that, our members are somewhat less excited about all the emails they're receiving as a result of researchers creating test posts and comments in our forums. We want to find a balance between allowing effective testing of our forums for security issues and maintaining a high signal-to-noise ratio in the forums for our members.
To that end, we would like to ask the following:
Researchers testing our forums should not post any new, top-level postings at this time. We are working on a technical solution which will allow researchers to test the security of top-level postings without undue disruption, but in the meantime, please refrain from doing so.
Researchers testing the security of comments should only post them in response to this post. In other words, do not post test comments on any post but this one.
Thank you in advance for your help and cooperation.