by Kalium
3418 days ago
Bug bounties are critical! They're one of the few things that can seriously shift the economic incentives around vulnerabilities. One of the issues I've run across is that virtually all the reports I'm getting are copypasta'd from other H1 reports by people with marginal communications skills. Couple that with the way researchers are encouraged to find ways to report the same issue multiple times and the way some seem to expect $1k payouts for noting that a WP site doesn't use HSTS, and it becomes difficult to justify the time investment. :(