by MaxfordAndSons 3395 days ago
> why aren't major vendors devoting a fraction of the resources to find this stuff and fix it on their own?

I'm pretty sure most of the competent ones are... it's just really slow, expensive, hard work, with little financial upside (beyond preventing the financial downside of disastrous long-tail exploits). Spending ever more on it probably isn't an easy sell to business people with normal (read: bad) human probabilistic intuitions. And a lot of the people best at it probably just choose to work for themselves because they can auction their work to IC or criminal collectors for much more than they'd get from a fixed rate bug bounty.