0/n, Oh this one's nasty. "If paid a bounty, [...], may not disclose the amount or any information related to the type of vulnerability you found. Under no other circumstances may you disclose anything about your participation in this program."https://brickftp.com/security-bounty/ …
Replying to @scarybeasts
want a nasty one? "this is out of scope for our program. we won't fix it. please note that you're not allowed to disclose or talk about what you submitted." yeah, happens. regularly.
1 reply 2 retweets 4 likes -
Replying to @hanno @scarybeasts
Once a program has shown bad faith like that why would anyone honor the "not allowed" bs? Dump a 0day and laugh.
1 reply 0 retweets 3 likes -
Or "We don't consider this a security vulnerability" "Oh ok then, *dump 0day on github/FD*"
1 reply 0 retweets 1 like -
Exactly. Any claim that NDA applies to something they claim isn't a vuln is abusive bs. They can't have it both ways.
1 reply 0 retweets 1 like -
Replying to @RichFelker @kyhwana and
Their demand has no legal weight unless there is a payout, right? Contract law requires you get something in return in order for a contract to be enforceable. Otherwise, it is just a promise, which is *much* harder to sue over.
2 replies 0 retweets 1 like
IANAL but that seems right unless they try to argue the research itself was illegal without their permission...