Reply to post: When the money for selling info

Pentagon is far too tight with its security bug bounties

MachDiamond Silver badge

When the money for selling info

.... greatly exceeds the bug bounty, some of the testers might be looking at the bounty programs as a way to avoid detection. If people are being invited to test something, it eliminates the first alarm bell. All they might need to do is register with some false information and do their work from a node that isn't tied to them. One has to hope that the entity hosting the event is using a shadow system with dummy information.

It's like the gun buyback program that was paying enough money that one guy found it profitable to 3D print guns and turn them in for the "reward" until they got wise. The beauty was that he didn't have to test that the 3D printed gun would actually work and not endanger the person firing it.
