Bug bounties are not all or nothing. Starting slowly is how most do it. Good start @united Here's to friendlier skies http://www.darkreading.com/vulnerabilities---threats/vulnerability-disclosure-deja-vu-prosecute-crime-not-research/a/d-id/1320384 …
@PatrickMcCanna @k8em0 @united it's protecting security researchers. if a few flowers get stomped, so be it.
@attritionorg @k8em0 @united ugh. </Disagree.>
@PatrickMcCanna @k8em0 @united you think researchers should risk jail, to help united, over them fixing their terms?
@attritionorg @k8em0 @united no, I do not. However I do think we need to encourage corporate security efforts to reward researchers.
@PatrickMcCanna @k8em0 right. so encourage @united to fix their bounty, then all is well. This is really simple.
@attritionorg @k8em0 @united all or nothing within 48 hours of the launch of the program is a bad leadership style. Encourage effort.
@attritionorg @k8em0 @united do not immediately shame imperfection.
@PatrickMcCanna @k8em0 @united imperfection that can land researchers IN JAIL. not something you want to take a gamble on.
@attritionorg @k8em0 @united I understand your argument. I think it is shortsighted and ultimately not helpful in the long term.