by phkahler 2011 days ago
>> student wouldn't be legally obligated to inform you of a vulnerability, and it wouldn't make sense to if you weren't willing to pay.

Which leads to a very interesting situation in negotiating. It's not the first time someone tried to sell information or an idea without getting ripped off. But how can one agree on the value of information without knowing it? Is there a standard word or phrase to describe that situation?

4 comments

The thing that is missing here would seem to be a sort of zero-knowledge proof.
perhaps a third party both sides trust is hired to appraise the value
Those things already exist, but ultimately bugs and exploits are too niche. A trusted third party cannot rule by themselves but is always required to ask both sides about the bug's impact. Since both sides try to frame it as both high and low impact at the same time, you make both parties unhappy in most cases and become untrusted.
Sounds like a standard Catch-22.
Finder’s fee