by csmatt 4636 days ago
Not at all similar to that. Ignoring the fact that the characteristics of residences and a very high-traffic website with an enormous user-base are vastly different, your argument relies on the discoverer of the vulnerability choosing one of two paths: get paid by the company or get paid by nefarious people.

A third option is to choose neither because the discoverer doesn't think it warrants his or her time to report it. Reporting a security vulnerability requires more than just sending an email. Meanwhile, others who have discovered the same vulnerability may be selling access to it, and a company like Yahoo has no idea until severe damage has been done.

1 comments

Assuming they spent effort to discover the vulnerability, the idea that there is a 3rd option where it is suddenly not worth their time to report it makes little sense.