|
|
|
|
|
|
by SchemaLoad
381 days ago
|
|
|
Well the author decided to sell the bug to Google rather than to criminals so I guess it was deemed a good value. By selling it to Google you get to write a nice blog post you can show to future employers and you don't have to involve yourself in crime. So the payout needed is a lot less than what hackers might be offering. |
|
|
Like, does a 6th or 7th blog post really matter, versus getting a large payout?
No rule that says you can't do both, or only disclose+publish the more 'impressive' of your exploits.