Yea I noticed that, but what do they specifically not like about the NDA? afaik, HackerOne still makes vulnerability disclosure possible (and automatic if taking too long?)
Is this using the m2m API they recently introduced? Where you host a kind of API shim in your infrastructure? To me the pricing of it seems pretty steep if you want to give each service it’s own key?