|
|
|
|
|
|
by fleitz
4573 days ago
|
|
|
Exactly, it's just a URL. Why not sell it? People sell URLs all the time, and bitbucket is clear written intent from the company that they wanted their source control systems accessible to the public else they would not have provided written notice to the world of their passwords. Surely the creators of the software are competent software experts who fully understood the implications of making their repository public. Surely, they are not asserting that they were so negligent in the performance of their duties as to not check whether the repository would be made public. Also, they've made numerous written affirmations that the issue found is not a bug, and would not qualify as part of their bug bounty for security flaws. They are morons and deserve to be hacked because they are negligent and make affirmations that leaving their source control system passwords on public computers is not a security issue worthy of payment. They deem the risk to be so insignificant as to not even be worth $500. |
|
|