Hacker News
by mNovak 2112 days ago
For a vulnerability of that scope, I assume selling it to a short-seller to publish in bad faith would be more valuable than selling on the actual black market anyway. Hell, the impression I get is that unless you're fairly well connected already, selling large $ value hacks on the black market isn't exactly easy (see Twitter hack).

I don't know if this is strictly legal either, but definitely more plausible deniability.

1 comment

> I don't know if this is strictly legal either, but definitely more plausible deniability.

Presumably you're into the system by the time you've discovered the exploit, so you're on the wrong side of the CFAA in the US and IMO the law would come down on you _hard_ if you acted in bad faith like that.

Even failing to report it might ruffle enough feathers for the company to use their political connections to have you prosecuted. I suspect that's also part of the reason the bounties are so low.