Bug bounties are not all or nothing. Starting slowly is how most do it. Good start @united Here's to friendlier skieshttp://www.darkreading.com/vulnerabilities---threats/vulnerability-disclosure-deja-vu-prosecute-crime-not-research/a/d-id/1320384 …
-
-
@attritionorg@k8em0@united somewhere at UA, there is an infosecer that fought to get approval for a bounty. Are you reciprocating? -
@PatrickMcCanna@k8em0 why would I offer a bounty for@united bugs? -
@attritionorg@k8em0@united bounties evolve over time. The reason to risk it is that they are evidence of a halfway sane security team. -
@attritionorg@k8em0@united The kind we want to encourage. -
@PatrickMcCanna@k8em0@united Exactly. So encourage them to clean up the wording, make it clear, so researchers aren't at risk. -
@attritionorg@k8em0@united I don't disagree, but saying everyone should stay away is stomping on daffodils. -
@PatrickMcCanna@k8em0@united it's protecting security researchers. if a few flowers get stomped, so be it. -
@attritionorg@k8em0@united ugh. </Disagree.> - 10 more replies
New conversation -
-
-
@attritionorg United is working to clear up language on the bounty program page. They're listening to feedback about it. -
@DrewHintz Outstanding. If@united would like more feedback, happy to help.
End of conversation
New conversation -
-
-
@attritionorg@k8em0 I like how if you submit for a bounty they "reward" you with a full body scan or frisk and identifying video.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.