by Dwolb 3733 days ago
Yes, the payout calc by company is the cost to the company of an exploit, but in a repeated game scenario.

i.e. you can't look at the bug and payment in a vacuum; you have to factor in future bugs.

So the cost is the value to the company of the exploited bug if used properly, plus the expected value of future bugs.

Which is weird, right? This shows companies can be internally incentivized to reduce bug bounty payments to show "they are improving" when, in fact, developers are leaving their bug bounty program.