[hashkb]

What you do, though, is objectively more valuable to Slack than you were paid. They have reframed security as the competition you mention, but the stakes are much higher and they're sidestepping with this issue of "responsible reporting".

[chrisseaton]

> What you do, though, is objectively more valuable to Slack than you were paid.

This is a meaningless statement.

Obviously all work is more valuable to the company than what they pay you to do the work... otherwise they wouldn't pay you would they? Because they'd get nothing out of it.

If your work generates £5 for a company, then why would they pay you £5 or £6 for it? What's in it for them?

[weswpg]

Obviously the point is that the gap between how much the person deserves and how much they're paid is particularly significant in this case

[IncRnd]

Payments from a company are subjective not objective. There is a single purchaser, in this case Slack, and the researcher already said that he wouldn't engage in unethical behaviour to make more money. Just sell the vulnerability to Slack, and be done with it.

Business owners of failing businesses, when they go to sell, many times think, "I've put in a million hours for this, so I need a million dollars." But, that will never happen.