by StillBored
2112 days ago
How long do you think it takes for someone to find an exploit? Sure, a long time ago I found problems in web pages by clicking "view source" and going "I wonder what happens if.." and doing POST/GET with a huge buffer, or with "\");...." embedded in it. These days companies that take their security seriously are hopefully harder to exploit. If it takes someone a couple months of slow fuzzing/etc. to find an exploit, that is probably below market for the person's skills here in the US. Maybe a part of these bug bounties should be not only how critical the bug is, but some metric of how much work the individual put in before finding the problem.

How do we classify what constitutes work to find any particular bug?