{"id":28655,"date":"2019-08-23T14:26:27","date_gmt":"2019-08-23T14:26:27","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/30430\/Valve-Says-Turning-Away-Researcher-Was-A-Mistake.html"},"modified":"2019-08-23T14:26:27","modified_gmt":"2019-08-23T14:26:27","slug":"valve-says-turning-away-researcher-was-a-mistake","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/","title":{"rendered":"Valve Says Turning Away Researcher Was A Mistake"},"content":{"rendered":"<p><img decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/08\/sorry-800x534.jpg\" alt=\"Black and white photo of neon sign that says SORRY.\"><\/p>\n<aside id=\"social-left\" aria-label=\"Read the comments or share this article\">\n<h4 class=\"comment-count-before\"><a title=\"53 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2019\/08\/valve-says-turning-away-researcher-reporting-steam-vulnerability-was-a-mistake\/?comments=1\">reader comments<\/a><\/h4>\n<p><a title=\"53 posters participating\" class=\"comment-count icon-comment-bubble-down\" href=\"https:\/\/arstechnica.com\/information-technology\/2019\/08\/valve-says-turning-away-researcher-reporting-steam-vulnerability-was-a-mistake\/?comments=1\"><span class=\"comment-count-number\">74<\/span> <span class=\"visually-hidden\">with 53 posters participating<\/span><\/a><\/p>\n<div class=\"share-links\">\n<h4>Share this story<\/h4>\n<\/div>\n<\/aside>\n<p>In an attempt to quell a controversy that has raised the ire of white-hat hackers, the maker of the Steam online game platform said on Thursday it made a mistake when it turned away a researcher who recently reported two separate vulnerabilities.<\/p>\n<p>In its statement, Valve Corporation references HackerOne, the reporting service that helps thousands of companies receive and respond to vulnerabilities in their software or hardware. The company also writes:<\/p>\n<blockquote>\n<p>We are also aware that the researcher who discovered the bugs was incorrectly turned away through our HackerOne bug bounty program, where his report was classified as out of scope. This was a mistake.<\/p>\n<p>Our HackerOne program rules were intended only to exclude reports of Steam being instructed to launch previously installed malware on a user\u2019s machine as that local user. Instead, misinterpretation of the rules also led to the exclusion of a more serious attack that also performed local privilege escalation through Steam.<\/p>\n<p>We have updated our HackerOne program rules to explicitly state that these issues are in scope and should be reported. In the past two years, we have collaborated with and rewarded 263 security researchers in the community helping us identify and correct roughly 500 security issues, paying out over $675,000 in bounties. We look forward to continuing to work with the security community to improve the security of our products through the HackerOne program.<\/p>\n<p>In regards to the specific researchers, we are reviewing the details of each situation to determine the appropriate actions. We aren\u2019t going to discuss the details of each situation or the status of their accounts at this time.<\/p>\n<\/blockquote>\n<p>Valve\u2019s <a href=\"https:\/\/hackerone.com\/valve\">new HackerOne program rules<\/a> specifically provide that \u201cany case that allows malware or compromised software to perform a privilege escalation through Steam, without providing administrative credentials or confirming a UAC dialog, is in scope. Any unauthorized modification of the privileged Steam Client Service is also in scope.\u201d<\/p>\n<h2>Kicking the hornet\u2019s nest<\/h2>\n<p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/08\/hackerone-email.png\" class=\"enlarge\" data-height=\"232\" data-width=\"599\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/08\/hackerone-email-300x116.png\" width=\"300\" height=\"116\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/08\/hackerone-email.png 2x\"><\/a><\/p>\n<div class=\"caption-credit\">Vasily Kravets<\/div>\n<p>The statement and the policy change from Valve came two days after security researcher Vasily Kravets, an independent researcher from Moscow, received an email telling him that Valve\u2019s security team would no longer receive his vulnerability reports through the HackerOne bug-reporting service. Valve turned Kravets away after he reported a <a href=\"https:\/\/arstechnica.com\/gaming\/2019\/08\/severe-local-0-day-escalation-exploit-found-in-steam-client-services\/\">Steam vulnerability<\/a> that allowed hackers who already had a toe-hold on a vulnerable computer to burrow into privileged parts of an operating system. Valve initially told Kravets such vulnerabilities were out of scope and gave no indication that the one Kravets reported would be fixed.<\/p>\n<p>Valve\u2019s response rankled hackers and security professionals because so-called privilege-escalation vulnerabilities are something that Google, Microsoft, and mature open source developers routinely and readily fix in their products. Valve\u2019s contention that a demonstrated flaw of this type wasn\u2019t a legitimate vulnerability ran counter to long-standing security norms. As criticism mounted, Valve <a href=\"https:\/\/steamcommunity.com\/groups\/SteamClientBeta#announcements\/detail\/1599262071399843693\">quietly issued a patch<\/a>, but researchers found that it could be bypassed. To make matters worse, Kravets on Tuesday publicly <a href=\"https:\/\/amonitoring.ru\/article\/onemore_steam_eop_0day\/\">disclosed a new privilege escalation vulnerability in Steam<\/a>. Valve&#8217;s Thursday statement said both vulnerabilities reported by Kravets have now been fixed.<\/p>\n<h2>Another researcher is shut down<\/h2>\n<p>Criticism grew more fevered\u2014and began to increasingly be directed at HackerOne\u2014after Matt Nelson, a second independent researcher, said he used the vulnerability reporting service in June to disclose one of the same Steam flaws Kravets found. According to an <a href=\"https:\/\/twitter.com\/enigma0x3\/status\/1160961861560479744\">exchange Nelson posted<\/a>, a HackerOne representative said the vulnerability was out of scope to qualify for Valve\u2019s bug bounty program. When Nelson replied that he wasn\u2019t looking for money but instead only wanted the public to be aware of the vulnerability, the HackerOne representative asked Nelson to \u201cplease familiarize yourself with our disclosure guidelines and ensure that you\u2019re not putting the company or yourself at risk. <a href=\"https:\/\/www.hackerone.com\/disclosure-guidelines\">https:\/\/www.hackerone.com\/disclosure-guidelines<\/a>.\u201d<\/p>\n<p>Those guidelines specifically state, \u201cPlease note that we will not consent to disclose reports if they have been marked out-of-scope or inapplicable, or where Valve has not taken a specific corrective action \/ mitigation.\u201d<\/p>\n<p>The HackerOne representative also locked the thread so that it no longer could be read. Nelson told Ars he was surprised by HackerOne\u2019s response. Using the abbreviation for non-disclosure agreement, he wrote in an email:<\/p>\n<blockquote>\n<p>I wouldn\u2019t go as far as calling it an NDA, but they certainly were implying there could be repercussions for violating Valve\u2019s policy or HackerOne\u2019s disclosure policy. My reaction is that I could care less. If they want to ban a researcher submitting bugs in good faith, they certainly can. I\u2019m not reporting via HackerOne to make money, it simply seemed like the easiest way to get in contact with them. Making the process more difficult for those willing to report vulnerabilities does absolutely nothing but hurt them and the general public.<\/p>\n<\/blockquote>\n<p>Nelson then reported the vulnerability directly to Valve. Valve, he said, acknowledged the report and \u201cnoted that I shouldn\u2019t expect any further communication.\u201d He never heard anything more from the company.<\/p>\n<h2>Shifting the blame<\/h2>\n<p>Nelson said he welcomed Valve\u2019s admission that it was a mistake for Valve to have turned away Kravets and the policy change that makes privilege-escalation vulnerabilities in scope.<\/p>\n<p>\u201cI can certainly believe that the scoping was misinterpreted by HackerOne staff during the triage efforts,\u201d Nelson wrote. \u201cIt is mind-blowing to me that the people at HackerOne who are responsible for triaging vulnerability reports for a company as large as Valve didn\u2019t see the importance of Local Privilege Escalation and simply wrote the entire report off due to misreading the scope.\u201d<\/p>\n<p>In a <a href=\"https:\/\/amonitoring.ru\/article\/steamclient-0day\/\">post reporting the first vulnerability<\/a>, Kravets also said that HackerOne staff told him he wasn\u2019t permitted to publicly disclose the vulnerability.<\/p>\n<p>Meanwhile, he also told Ars on Thursday morning that he had yet to receive any communication from Valve and that he remained locked out of the Valve bug-reporting section of HackerOne.<\/p>\n<p><a href=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/08\/valve-hackerone.jpg\" class=\"enlarge\" data-height=\"343\" data-width=\"1065\"><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/08\/valve-hackerone-640x206.jpg\" width=\"640\" height=\"206\" srcset=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2019\/08\/valve-hackerone.jpg 2x\"><\/a> <\/p>\n<div class=\"caption-credit\">Vasily Kravets<\/div>\n<p>A HackerOne spokeswoman told Ars:<\/p>\n<blockquote>\n<p>We aim to explicitly communicate our policies and values in all cases and here we could have done better. Vulnerability disclosure is an inherently murky process and we are, and have always been, committed to protecting the interests of hackers.<\/p>\n<p>Our disclosure guidelines emphasize mutual respect and empathy, encouraging all to act in good faith and for the benefit of the common good.<\/p>\n<\/blockquote>\n<h2>Still cause for concern<\/h2>\n<p>While Valve\u2019s admission and policy change are encouraging, HackerOne\u2019s barring of Kravets remains an ongoing concern. HackerOne helps thousands of organizations receive and respond to vulnerability reports. Its policies have a huge effect on the security of products and devices used all over the world, said Katie Moussouris, founder and CEO of Luta Security who wrote the disclosure policies <a href=\"https:\/\/www.iso.org\/standard\/45170.html\">here<\/a> and <a href=\"https:\/\/www.iso.org\/standard\/53231.html\">here,<\/a> adopted by the International Organization for Standardization, while at Microsoft.<\/p>\n<p>\u201cSilencing the researcher on one issue is in complete violation of the ISO standard practices, and banning them from reporting further issues is simply irresponsible to affected users who would otherwise have benefited from these researchers continuing to engage and report issues privately to get them fixed,\u201d Moussouris told Ars. \u201cThe norms of vulnerability disclosure are being warped by platforms that put profits before people.\u201d<\/p>\n<p><em>This post was updated to remove claims Valve disputed the vulnerability in the official CVE advisory.<\/em><\/p>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/30430\/Valve-Says-Turning-Away-Researcher-Was-A-Mistake.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":28656,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[7530],"class_list":["post-28655","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackerflawzero-day"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v26.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Valve Says Turning Away Researcher Was A Mistake 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Valve Says Turning Away Researcher Was A Mistake 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-08-23T14:26:27+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"534\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Valve Says Turning Away Researcher Was A Mistake\",\"datePublished\":\"2019-08-23T14:26:27+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/\"},\"wordCount\":1229,\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg\",\"keywords\":[\"headline,hacker,flaw,zero day\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/\",\"name\":\"Valve Says Turning Away Researcher Was A Mistake 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg\",\"datePublished\":\"2019-08-23T14:26:27+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg\",\"width\":800,\"height\":534},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.threatshub.org\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,flaw,zero day\",\"item\":\"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawzero-day\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Valve Says Turning Away Researcher Was A Mistake\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#website\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\/\/www.threatshub.org\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Valve Says Turning Away Researcher Was A Mistake 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/","og_locale":"en_US","og_type":"article","og_title":"Valve Says Turning Away Researcher Was A Mistake 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-08-23T14:26:27+00:00","og_image":[{"width":800,"height":534,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Valve Says Turning Away Researcher Was A Mistake","datePublished":"2019-08-23T14:26:27+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/"},"wordCount":1229,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg","keywords":["headline,hacker,flaw,zero day"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/","url":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/","name":"Valve Says Turning Away Researcher Was A Mistake 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg","datePublished":"2019-08-23T14:26:27+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/08\/valve-says-turning-away-researcher-was-a-mistake.jpg","width":800,"height":534},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/valve-says-turning-away-researcher-was-a-mistake\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,flaw,zero day","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackerflawzero-day\/"},{"@type":"ListItem","position":3,"name":"Valve Says Turning Away Researcher Was A Mistake"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/28655","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=28655"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/28655\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/28656"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=28655"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=28655"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=28655"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}