by teddyh
613 days ago
> "Pissing off the hackers" is not a way to keep people reporting credible bugs to your service.

That doesn’t matter if your goal with a bug bounty program is not to have people reporting bugs, but instead to have the company appear to care about security. If your only aim is to appear serious about security, it doesn’t matter what you actually do with any bug reports. Until the bugs are made public, of course, which is why companies so often try to stop this by any means.

But I guess corporations ignoring security for more immediately profitable ventures on the quarterly report is a tale as old as software.