Hacker News new | ask | show | jobs
by arcwhite 185 days ago
It's actually pretty on-par for most bug bounties. They used the same exploit on a few programs and got $11k total which ain't bad return on time.
1 comments
sans_souse 185 days ago
No I know it's on par I guess better rephrasing would be the par is still too low
link
arcwhite 185 days ago
Compared to what? What's your baseline for how much a user-interaction-required XSS vulnerability should be worth?
link
sans_souse 185 days ago
I'm not basing it on math.

Are you saying tho that 2.5k wouldhave been adequate in 2019? I expect 5k would have been on par then too. But idk

link