[reasons]

I like Valve's approach. Who is the real bad guy here?

Why should they prioritize people who break their hard work and coerce them into paying for protection?

I might be biased; always wanted to work @ Valve Software since HL1.

[matheusmoreira]

> Why should they prioritize people who break their hard work and coerce them into paying for protection?

Because they voluntarily joined responsible disclosure programs and promised rewards?

Their hard work wasn't good enough to survive in the extremely hostile world out there. The fact is online gaming is a form of distributed computing and so people are exposed to network attacks. By failing to prioritize security they are putting their customers at risk. They can either start taking this seriously or watch people make money off of the vulnerabilities in their hard work.

[lilSebastian]

> I like Valve's approach. Who is the real bad guy here?

Valve are, leaving millions of users at risk, despite having been informed of an issue.

[jmgao]

Because that's what they signed up for?

[reasons]

See it from Valve's perspective.

They've had pre-launch source codes leaked by hackers, gameplay ruined by hackers; they probably don't like hackers.

I wouldn't be surprised if they signed up purely out of spite to tarpit and frustrate hackers.

[diarrhea]

That is such a bizzare take.

Valve's stance on hackers won't change the fact they exist and are out there doing their thing. Valve's stance can now be the deciding factor between exploits being disclosed to them for a reward, or sold on black markets as cheats.

If you don't want people "breaking your hard work", don't release software. However, being on hackerone can help alleviate the negatives.

[_kbh_]

Sounds like a great idea, now instead of them getting issues fixed they get sold and not reported.

[anonymousab]

> they probably don't like hackers

Many of their breadwinners were made by 'hackers'.