Hacker News new | ask | show | jobs
by ANarrativeApe 144 days ago
Pay to enter would increase the risk of submitting a bug report. However, if the submission fees were added to the bounty payable, then the risk reward changes in favour of the submitter of genuine bugs. You could even have refund the submission fee in the case of a good faith non bug submission. A little game theory can go a long way in improving the bug bounty system...
3 comments
bawolff 144 days ago
If a competent neutral party was evaluating them, i would agree. However currently these things tend to be luck of a draw.
link
airza 143 days ago
You’re assuming that the companies operating these programs would act in good faith which they often do not.
link
CTDOCodebases 144 days ago
They could allow submitters to double down on submissions escalating the bug to more skilled and experienced code reviewers who get a cut of the doubled submission fee for reviews.
link