|
|
|
|
|
|
by tptacek
2112 days ago
|
|
|
We probably need to stop having these threads, because they're repetitive, usually pretty ill-informed, and prevent us from having discussions about the vulnerabilities themselves. All we do is recapitulate the same tedious discussion about how bounty prices work. That's fine, but maybe we should only have those discussions on stories about bug bounties, not any story where a bounty makes an appearance. For the moment, rather than re-having this discussion, we can just note that bounty prices are what they are, and that no tech firm pays "existential" rates for new vulnerabilities (except, perhaps, Uber, where literally everyone involved in that story is now in the federal criminal court system). |
|
|