by taatof 507 days ago
> If the reporter is trying to get paid for not reporting, that's blackmail.

That's not what happened here and isn't usually what happens, though? The reporter usually gives a timeline for fixing the bug before reporting externally, and often extends that deadline if it's clear the company is working on it. This is separate from bug bounty payments.

> The more you pay people to find them, the harder they look...

Yeah... that's the point...

1 comments

People will look for bugs regardless; better to incentivize them to report to you first.