Bug bounties are not all or nothing. Starting slowly is how most do it. Good start @united Here's to friendlier skies http://www.darkreading.com/vulnerabilities---threats/vulnerability-disclosure-deja-vu-prosecute-crime-not-research/a/d-id/1320384 …
@PatrickMcCanna @k8em0 @united Exactly. So encourage them to clean up the wording, make it clear, so researchers aren't at risk.
@attritionorg @k8em0 @united I don't disagree, but saying everyone should stay away is stomping on daffodils.
@PatrickMcCanna @k8em0 @united it's protecting security researchers. if a few flowers get stomped, so be it.
@attritionorg @k8em0 @united ugh. </Disagree.>
@PatrickMcCanna @k8em0 @united you think researchers should risk jail, to help united, over them fixing their terms?
@attritionorg @k8em0 @united no, I do not. However I do think we need to encourage corporate security efforts to reward researchers.
@PatrickMcCanna @k8em0 right. so encourage @united to fix their bounty, then all is well. This is really simple.
@attritionorg @k8em0 @united all or nothing within 48 hours of the launch of the program is a bad leadership style. Encourage effort.
@attritionorg @k8em0 @united do not immediately shame imperfection.