|
|
|
|
|
|
by jasonlotito
4692 days ago
|
|
|
> how exactly do you propose that they write a policy that compensates people for violating the security of their users? Not the security of Facebook, but the integrity of their actual users. In the appropriate language: https://news.ycombinator.com/item?id=6231153 Otherwise, you should make some good faith effort to not assume devious intentions on someone making a good faith effort to report problems. > They just can't pay him for having demonstrated a vulnerability by hacking someone's account. Technically, according to the security person at Facebook, it wasn't a bug. When he did the same thing again on Mark Z's account, it suddenly became hacking. Yeah, he didn't follow a procedure that wasn't available to him in his native language, but he made a good faith attempt to report the bug, and did so several times. > But good intentions aren't always enough. Several attempts to contact them despite being told the actions he was taken was not a bug despite clearly explaining why it was? |
|
|