How long should you wait for a response on hacker one?

Question

I submitted a vulnerability to the kubernetes hacker one program In August, it was triaged by hacker one staff and the last update was its being discussed internally with the kubernetes team, that was 4 months ago. I chased it a month ago but got no response. It's not a critical issue, but it think this timescale is a bit too long.

thockingoog · Accepted Answer

As a maintainer: some issues take longer to triage than others. Especially if they are not CRITICAL, and there's a huge holiday season in the midst of it. :)I know I have been involved in a couple which took time to agree on a "best" solution and to find people to tackle them.

paulpauper · Answer

If no answer, then this typically means no bounty.

stop50 · Answer

I think the standard of 90 days is ok