Re: We're now paying up to $20,000 for web vulns in our services
- From: Michal Zalewski <lcamtuf@xxxxxxxxxxx>
- Date: Tue, 24 Apr 2012 08:13:01 -0700
IMHO, anyone who willingly, knowingly places customer data at risk by inviting attacks on their production systems is playing a very dangerous game. There is no guarantee that a vuln discovered by a truly honest researcher couldn't become a weapon for the dishonest "researcher" through secondary discovery
I'm not sure I follow. Are you saying that the dishonest researcher
will not try to find vulnerabilities if there is no reward program for
the honest ones?
/mz
- Follow-Ups:
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- From: Charles Morris
- Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- References:
- FYI: We're now paying up to $20,000 for web vulns in our services
- From: Michal Zalewski
- RE: We're now paying up to $20,000 for web vulns in our services
- From: Jim Harrison
- FYI: We're now paying up to $20,000 for web vulns in our services
- Prev by Date: RE: We're now paying up to $20,000 for web vulns in our services
- Next by Date: Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- Previous by thread: RE: We're now paying up to $20,000 for web vulns in our services
- Next by thread: Re: [Full-disclosure] We're now paying up to $20, 000 for web vulns in our services
- Index(es):
