I'll never understand this the same way Google got people to geomap for free. Which way should I be looking at these extremely low bug bounties? I see them now as better than nothing or it's all you're worth. It would be different if you weren't contributing directly to a billion dollar corp. but to GNU or something. Why not sell or license them the fix?
Git money, git paid: GitHub waves larger wads of dollar bills to tempt bug hunters
Social code storage biz GitHub, now a ward of Microsoft, on Tuesday divulged plans to make itself more attractive to hackers by flashing larger sums of cash and offering better indemnity. The company's five-year-old Security Bug Bounty program is being refurbished with ampler awards and broader terms of engagement. Part of the …
COMMENTS
-
Wednesday 20th February 2019 17:33 GMT Robert Carnegie
But
Does anyone else see a problem with regularly increasing the reward for finding a bug in the system? If I find one now, but I don't tell them until next year, then I get more money that way.
I hesitated to mention that - but if you're smart enough to find the bugs, then you're smart enough to think of it without my help.
-
Thursday 21st February 2019 13:30 GMT DavCrav
Re: But
"If I find one now, but I don't tell them until next year, then I get more money that way."
Or someone else finds it and claims the money.
"I hesitated to mention that - but if you're smart enough to find the bugs, then you're smart enough to think of it without my help."
If you're smart enough to find the bugs, then you're smart enough to see the problem I mentioned above.
-