|
|
|
|
|
|
by Michielvv
2779 days ago
|
|
|
It depends a bit on the phrasing, but in all cases where someone asked if we would pay for vulnerability reports and we replied we would not pay, only offer acknowledgement on our security page, they would still share the report. If you are going to pay, make sure you clearly state scope and the type of exploits you pay for. Otherwise there is a high probability of it being something in the realm of being able to iframe your site. |
|
|