Hacker News
by seanw265 769 days ago
Is it? I'm not so familiar with the specifics of bug bounty programs, but it seems like this issue could cause much more than 3k in damages if it were to be exploited.

Similarly, I'm kind of shocked that Google is only offering 30k for discoveries of remote code execution vulnerabilities on their own servers. I don't mean to trivialize that amount of money, but compared to the scope of what that kind of vulnerability could be used for it seems insignificant. There's the potential for access to internal Google secrets and private data belonging to users. Would a government not pay 10-20x for something like that?

1 comments

Governments achieve code execution within Google by sending special agents to become employees of Google.
I imagine that's orders of magnitude more expensive than paying these rates for an exploit.