Bug bounties are not all or nothing. Starting slowly is how most do it. Good start @united Here's to friendlier skies http://www.darkreading.com/vulnerabilities---threats/vulnerability-disclosure-deja-vu-prosecute-crime-not-research/a/d-id/1320384 …
@attritionorg @k8em0 @united bounties evolve over time. The reason to risk it is that they are evidence of a halfway sane security team.
@attritionorg @k8em0 @united The kind we want to encourage.
@PatrickMcCanna @k8em0 @united Exactly. So encourage them to clean up the wording, make it clear, so researchers aren't at risk.
@attritionorg @k8em0 @united I don't disagree, but saying everyone should stay away is stomping on daffodils.
@PatrickMcCanna @k8em0 @united it's protecting security researchers. if a few flowers get stomped, so be it.
@attritionorg @k8em0 @united ugh. </Disagree.>
@PatrickMcCanna @k8em0 @united you think researchers should risk jail, to help united, over them fixing their terms?
@attritionorg @k8em0 @united no, I do not. However I do think we need to encourage corporate security efforts to reward researchers.
@attritionorg @k8em0 @united don't understand your response. Why would you dissuade anyone from getting compensated for neighborliness?
@PatrickMcCanna @k8em0 @united Because their bounty is contradictory. They say "we reward for $blah" and "do not do $blah" (cont'd)