Hacker News
by geofft 2115 days ago
If you haven't had food in a few days, there are many better ways to get food on the table than trying to find exploitable vulnerabilities and sell them for tens of thousands of dollars, including:

- Work on a bounty program that rewards mitigations instead of exploits (e.g., https://www.google.com/about/appsecurity/patch-rewards/). Those are much more deterministic. (But there's no black market for them.)

- Get a conventional job (possibly in software, possibly not), which pays you on a schedule.

I get the argument you're making about money, but I'm having trouble believing that going after bug bounties ever makes sense to someone in that situation, given how non-deterministic it is to find a bug.

Also (as this bug shows), it typically takes a long time between reporting a bug and having the responding team decide that it merits a bounty. In this case it took a month. (And then there's logistics about actually getting you the money at that point.) Are people who haven't eaten for a few days really going to be happy not eating for another month, even if they get a hundred thousand dollars then?

1 comments

Are you seriously telling people who are starving to "get a [conventional or not] job"? I'm struggling to understand your point of view; this is almost a caricature.