Hacker News
by dllthomas 4576 days ago
'This is true. There's no upside for rejecting this as "out of bounds" except for a relatively tiny sum of cash.'

There can be. If the attack involved something that - done broadly - would itself cause problems even without a vulnerability, then you don't want to reward people for probing those ways without arranging it first. As a sort of extreme example, imagine hundreds of security researchers getting in the way of your paying customers while trying social engineering attacks on your staff.