by jessaustin 3016 days ago
Yeah, the incentives get very murky very quickly there. One employee might ignore a vuln now so as to get a bounty for it later. A manager might give a known vuln-maker code access. Any group of employees might conspire to do either of those, or something else at some remove. An actual attacker might manipulate any such conspiracy... It might be interesting as a study of Gambit Roulette, but not as any way to run a firm.

It's possible that GP meant giving independent researchers access to internal tools. That would be interesting but also very difficult to pull off safely.