|
|
|
|
|
|
by lordnacho
2115 days ago
|
|
|
Under $2K seems very cheap for what what discovered. Did it take less than two days to do this exploit? Perhaps the model should be an immediate price like the one that was offered, but also the ability to ask for more, confidentially. For instance you might feel this thing is worth more like $10k, and you could show the screengrab. Then the firm can decide whether to just pay up or haggle. And of course you still have Hacker One to arbitrate that the vuln is actually what was touted. Nothing's perfect, of course there are holes in this idea as well. |
|
|