by uh_what 2734 days ago
Follow up: This situation is similar to when England wanted Delhi to be rid of cobras so they started offering rewards for dead cobras. The citizens of Delhi responded to this incentive by farming cobras.

What's the difference? It's a systemic flaw.

If there exists an incentive for finding vulnerabilities, there exists an incentive for introducing vulnerabilities. Bug bounties work great for closed source companies because there doesn't exist a misalignment of incentives. If Johnny keeps writing buggy code, he gets fired. If anonymous234 gets his buggy pull request approved, confederate anonymous456 gets to make a few bucks.

Follow up #2: For the skeptical downvoters, I'll put my money where my mouth is and attempt to capture the bounties using the method described above.

1 comment

> Follow up #2: For the skeptical downvoters, I'll put my money where my mouth is and attempt to capture the bounties using the method described above.

Please don't.