|
|
|
|
|
|
by 8jy89hui
1283 days ago
|
|
|
The author did not mention if they were rewarded by the bug bounty program. A vulnerability of this severity surely requires a reward of some sort. Does anyone have any more information about whether or not this person was compensated for their work? |
|
|
the fact that he mentions the bounty but not the reward means he probably got a reward. If he did not get one, he would have mentioned it.
it was not a ridiculous amount because 1. he would have refused it and talked about it. 2. the money was good enough for him to comply and not cite the companies
was it a large amount ? it could be the reason why he's not telling it. Companies don't want to be spammed by script kiddies attracted by the "largest reward in town".