Y
Hacker News
new
|
ask
|
show
|
jobs
by
rootusrootus
2514 days ago
Apple has a bug bounty program, yes? Are they paying Google for these?
3 comments
devrand
2514 days ago
Project Zero does not accept bounties. They generally ask for the money to be donated.
link
rootusrootus
2514 days ago
Makes sense. The bug bounty is meaningful money to an individual but it's just a pittance to Google.
link
saagarjha
2514 days ago
I'd assume it also helps avoid the perception of a conflict of interest.
link
saagarjha
2514 days ago
Apple's program has a few very specific classes of bugs that they pay out bounties for: these bugs probably don't qualify.
link
bobviolier
2514 days ago
Probably not. I think that most of those bounties can only be redeemed when you sign an NDA.
link
jefftk
2514 days ago
Who requires an NDA? I don't believe Google does:
https://www.google.com/about/appsecurity/reward-program/
(Disclosure: I work for Google)
link
bobviolier
2511 days ago
I meant the NDA from the party where the bug is reported, Apple in this case.
link