by sdwr
519 days ago
> If the reporter is trying to get paid for not reporting, that's blackmail. If the blackmail is organized, it's a racket. Plus, if the attack surface is huge and/or fractal, you will never run out of exploits. The more you pay people to find them, the harder they look...

That's not what happened here and isn't usually what happens, though? The reporter usually gives a timeline for fixing the bug before reporting externally, and often extends that deadline if it's clear the Company is working on it. This is separate from bug bounty payments.
> The more you pay people to find them, the harder they look...
Yeah... that's the point...