by lstodd
23 days ago
It didn't become any more vulnerable. This is security, you have to have procedures for when you get owned; the bug bounty program is orthogonal to that. If they wiped prod db and put up goatse on my site I would have still paid and said thank you provided I was told how that was done.
That depends on how secret the URL was. If you go from needing an exploit to just visiting a guessable link, that's significantly more vulnerable.
> If they wiped prod db and put up goatse on my site I would have still paid and said thank you provided I was told how that was done.
Well most people wouldn't, and for good reason.