|
|
|
|
|
|
by donmcronald
2112 days ago
|
|
|
Alternatively, document it with trusted timestamps and don't report it. Then if someone else exploits it you could parlay the media frenzy into a lot of publicity that's probably worth more than the tiny bounties many companies pay. "Oh, we discovered that 2 years ago, but the bug bounty program didn't make it worth reporting. Want to buy a security audit?" |
|
|