How we run our bug bounty program (segment.com)
64 points by leifdreizler 2278 days ago
2 comments

"All of our most critical submissions have come from researchers that were originally rewarded for a well-written duplicate."

I think that's a key line that should have been added to the top tips.

Thanks for reading my blog. I tried to keep the "top tips" short and thought this was partially captured via

- Pay for anything that brings value - Pay extra for well-written reports, even if they’re dupes

with the hopes that if someone saw this and wanted to read more they'd skim through the blog :)

I have a question about your bug bounty program. What's the best way to reach you?
@leifdreizler on twitter! LinkedIn is also fine but I don't check it as regularly.
Not a segment specific question, but if I discover a bug while working on a task for my employer, will that bounty be discounted off the bill or will it go to me directly? What's typical?
It's best-practice to get permission from your employer to submit bugs you discover on their time to bounty services, and then for you to collect the entire bounty. It's common for people just to quietly submit bounties; I wouldn't, but then I work in a field where it's a big deal to disclose on-the-job findings. You might not.