I have great respect for the Vercel team and what they continue to do for the web community to this day. They spent $750k to improve their WAF and make their customers’ apps secure. Not only that, they’re sharing information between industry to make sure everybody implements this as well. Respect.
We want to thank the hackerone community for an incredible collaboration over the weekend. They discovered a total of 15 unique issues, leading to an expected payout of $750K. Our eng team has hardened the WAF as issues were discovered, and the last "flag capture" was 20 hours