They're the largest and most important bug bounty service, and have been for years.
WeWork leases offices; they have a shared workspace area in all the buildings, but most of their buildings are private offices.
Apart from the fact that there's a good chance the company you're trying to report to already has an H1 program running, what they're promising to do here is to spend some effort trying to track down security contacts for you. They profit from this, of course: if you give them a good bug, and they facilitate its reporting, the target company is very likely to sign up for H1. But it costs you nothing and might solve a problem for you.
(I'm ambivalent about H1 --- we run a couple H1 bounty programs that existed prior to us taking over security at our clients --- but I don't think it's a good idea to be dismissive of them.)
WeWork leases offices; they have a shared workspace area in all the buildings, but most of their buildings are private offices.
Apart from the fact that there's a good chance the company you're trying to report to already has an H1 program running, what they're promising to do here is to spend some effort trying to track down security contacts for you. They profit from this, of course: if you give them a good bug, and they facilitate its reporting, the target company is very likely to sign up for H1. But it costs you nothing and might solve a problem for you.
(I'm ambivalent about H1 --- we run a couple H1 bounty programs that existed prior to us taking over security at our clients --- but I don't think it's a good idea to be dismissive of them.)