by tptacek
2 hours ago
I just gave a rational reason to exclude them from the bug bounty, which I can summarize as "the bug bounty is not their entire security program and does not have the goal you've axiomatically derived for it". Cards on the table, I am not a fan of bug bounty programs, and the fact that they're an engineering process that turns out to be impossible to have public engineering discussions about is definitely one of many reasons why. Most companies should not run bug bounty programs.