by onion2k
2121 days ago
but I’d happily donate more if there were no risk of paying repeat bounties, given a week between them to fix each category of security failure I learn about. A better solution would be to only allow a bug to be reported once per quarter, or once per version of the software. If someone finds a bug in v1.0 that's fixed in v1.1, then someone (even the same person) should be able to report the same bug in a different place in v1.1. That's an incentive for companies to use the report to secure the whole app rather than just fixing the reported issue.