by icegreentea
4420 days ago
I honestly don't think there are many situations where the highest bidder for a bug will be a bug bounty problem. Consider from a couple years back when Vupen won Pwn2Own against Chrome, and Vupen refused to disclose, based on the commercial value of the exploits. The key quote (and I don't think he's exaggerating) is: “We wouldn’t share this with Google for even $1 million,” says Bekrar. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.” http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-th...

It seems like if Google were to offer a $1M bug bounty tier, it'd be much more likely that Vupen's exploits would be discovered by someone else.