|
|
|
|
|
|
by gesman
4524 days ago
|
|
|
/Leaving aside XML techno babble/: >>>
...
We knew we wanted to pay out a lot because of the severity of the issue, so we decided to average the payout recommendations across a group of our program administrators. As always, we design our payouts to reward the hard work of researchers who are already inclined to do the right thing and report bugs to the affected vendors.
...
>>> So, instead of awarding bounty to the researcher who found and intelligently handled the disclosure of the issue, Facebook "decided to average the payout" in order to keep part of the bounty to themselves, rewarding themselves for "hard work" and glorifying themselves for "awarding our biggest bug bounty payout ever" ? |
|
|