[keraf]

I'd love to see this happen to every billion dollar company that doesn't have a bug bounty program. Offering zero incentive for reporting vulnerability just encourages hackers to exploit it for their own advantage or to wreak havoc.

As a paying customer, I expect better from these companies and personally wouldn't blame the hackers for exploiting their findings if no program exists.

[TechDebtDevin]

Well the Federal Government certainly wouldn't agree with you. Give it go though!

[IntelMiner]

The Federal Government? Thank goodness these companies only operate in one country. Or we've finally succeeded in uniting under one singular world government

[TechDebtDevin]

In case you haven't noticed, the FBI charges hackers across the world on a frequent basis. And you should fear them regardless of what country you're in if you're going to be messing with American companies. I've worked at companies where the FBI caught our engineers that were offshore stealing IP. The Company didn't have a clue, they are watching anything and everything that concerns American interest and yes there are no jurisdictions/borders stopping them, outside of Russia, Iran and NK ofc.

[_AzMoo]

How does the FBI arrest somebody outside of the US?

[spac]

extradition

[_AzMoo]

There are a lot of countries that don't have extradition treaties with the US.

[shiroiushi]

Good luck extraditing Russian or Chinese hackers.

[InDubioProRubio]

Cant have fitness stress tests for the big guys. They need protection for lazy execution of minimal efforts.

[batch12]

I think that's called ransomware

[keraf]

Or negligence :-)

[batch12]

What if the billion dollar company has a responsible disclosure process and internal vulnerability management program and has just decided not to pay for unsolicited bug reports? Where is the negligence?