Hacker News new | ask | show | jobs
by exdsq 641 days ago
$2000 is an absurdly small bounty here - you should up that
2 comments
radicaldreamer 640 days ago
50k or 100k would be far more appropriate given the severity of this issue. But overall, this makes me think there's probably a lot more vulnerabilities in Arc that are undiscovered/unpatched.

Also, there's the whole notion of every URL you visit being sent to Firebase -- were these logged? Awful for a browser.

link
ha470 640 days ago
Ya this is fair! Honestly this was our first bounty ever awarded and we could have been more thoughtful. We’re currently setting up a proper program and based on that rubric will adjust accordingly.
link
ARandomerDude 640 days ago
> Honestly this was our first bounty ever awarded and we could have been more thoughtful

That’s corporate speak for “no, we won’t pay the researcher any more money.”

link
karlzt 640 days ago
$200k for this big bug.
link
karlzt 639 days ago
My comment has been downvoted twice, but I don't see it grayed out, I wonder why.
link