0/n, Oh this one's nasty. "If paid a bounty, [...], may not disclose the amount or any information related to the type of vulnerability you found. Under no other circumstances may you disclose anything about your participation in this program." https://brickftp.com/security-bounty/ …
Replying to @scarybeasts
want a nasty one? "this is out of scope for our program. we won't fix it. please note that you're not allowed to disclose or talk about what you submitted." yeah, happens. regularly.
Replying to @hanno @scarybeasts
Once a program has shown bad faith like that why would anyone honor the "not allowed" bs? Dump a 0day and laugh.
Or "We don't consider this a security vulnerability" "Oh ok then, *dump 0day on github/FD*"
Exactly. Any claim that NDA applies to something they claim isn't a vuln is abusive bs. They can't have it both ways.
Replying to @RichFelker @kyhwana and
Their demand has no legal weight unless there is a payout, right? Contract law requires you get something in return in order for a contract to be enforceable. Otherwise, it is just a promise, which is *much* harder to sue over.
Replying to @porkbellyfuture @RichFelker and
Well, bugcrowd could deny you access to their platform in the future. Which is a big deal if bug bounties are a relevant part of your income.
Replying to @hanno @porkbellyfuture and
I think the issue is less that anyone will sue you and more the chilling effect this has in advance
Right. My thought was more creation of a counter chilling effect on badly behaved companies via the fallout of the 0day dumping and the reason behind it.