When it becomes legally compulsory to report all vulnerabilities to the vendor immediately, what do you think will happen to bug bounties?
Replying to @dinodaizovi
@dinodaizovi I have a solution for that. Bounty should be rent for non-disclosure. Larger bounty -> delayed public disclosure. $0 -> 0-day.
Replying to @BRIAN_____
@BRIAN_____ That's an interesting idea but I fear vendors will call it extortion. But they called bounties extortion at one point too :).
Replying to @dinodaizovi
@dinodaizovi Yep. Lots of people have called it extortion already. I don't think it is, but it has been an uphill battle to explain it.
Replying to @BRIAN_____
@BRIAN_____ @dinodaizovi Who decides what the maximum "rent" is?
@cryptorobert @dinodaizovi The researcher. But, I want an Association of Hacking Professionals (Like doctors have AMA) set guidelines.