Hacker News
by flyinglizard 4520 days ago
I think an ideal balance point (for all companies, not just GH) is one where someone can make a very comfortable living finding and reporting security flaws. You simply don't do that with $100-$5k bounties. GitHub, more than nearly every company out there, is entrusted with trade secrets that are the livelihood of their customers. Paying top money to get security bugs found is not an option, but something that should be regarded as a "cost of doing business".