by Kalium
2681 days ago
What you're describing is a lot like the bug bounty program I ran for a previous employer. It was mostly low-effort scans and "reports" templated from something a big company had made public once. No understanding of whether not using HSTS was actually a vulnerability, just the expectation of Burp -> report -> $$$. There were a handful of genuinely good contributors, but probably under 10% of reports.