by downandout 3618 days ago
>If so, I am a little taken back by LastPass only offering $1,000 to the researcher that found and reported it for fixing.

I am a lot taken back by it. This wasn't a minor bug. I don't care if $1,000 was the published maximum payout under their bug bounty program - for something like this, the payout needs to be representative of the damage that would have been done to their reputation had this bug been discovered and exploited by bad actors. Given that reputation is everything in this space, any well-publicized incident using this would have effectively rendered the company dead within days.

Here's hoping they reconsider the award amount (though I'm certain they won't).