by c0pium 999 days ago
Bug bounty programs are a nightmare to run. For every real bug reported you’ll get thousands of Nikto PDFs with CRITICAL in big red scare letters all over them. Then you’ll get dragged on Twitter constantly for not being serious about security. Narrowing the field to vetted experts will similarly get you roasted for either having something to hide or not caring about inclusion. And god help you if you have to explain that you already knew about a bug reported by anyone with more than 30 followers…

There are as many taxonomies of security services as there are companies selling them. You have to be very specific about what you want and then read the contract carefully.