Hacker News
by 8organicbits 701 days ago
Agreed about boredom. There are times I've discovered issues incidentally and checked if the company had a bug bounty program. If they don't, I may chuck a vague email to security@; if they do, I'll write something quick and take whatever they send. I've seen $3k once from this, but usually it's not enough to justify the time it takes to do the write-up. There are far too many "out of scope", "we already know", or other non-payment results.