|
|
|
|
|
|
by monster_truck
24 days ago
|
|
|
You don't even need to find a whole 0day, you can find step 3 of 14. Just dump it anon or sell it, don't even try to claim a bounty or get a cve. Without elaborating, they will make sure you regret it Same goes for games. If you find RCE, report it and move on. If it remains unfixed let a journalist know. Do NOT accept their invite to the studio, they want to have you arrested. Would have happened to me were it not for one dude with a conscience at the company warning me not to go |
|
|
There are many examples of Microsoft and other large corporations treating security researchers well. Microsoft hosts BlueHat, where they invite external parties to talk about their findings. They thank researchers monthly who do contribute reports to MSRC. As I recall, they treated bunnie well, and I think they also treated “hoodie” (the original Xbox 360 hacker) well as well.