If a vulnerability was worth ~ $1,000, hiring the *entire* Google Project Zero team should only cost about $250,000 a year...
@berendjanwever But you needn't hire them, they'll find your bugs for free! :-p
@ericlaw When I worked at Google, we were all getting paid - has this changed? :)
@berendjanwever @taviso @dinodaizovi While this is funny and all, I think it's still a good start. Not many AVs pay bug bounties at all.
@SwissHttp @taviso @dinodaizovi So are you saying this bug bounty budget is good because most AVs have none? I would think a bug bounty...
... is good when it draws the kind of people that find serious vulnerabilities. You don't get that on a budget - you get script kiddies.
@matalaz @berendjanwever It would help get the low hanging fruit which AV still has a metric tonne of though :-/
@dlitchfield @matalaz If you do automated testing and submitting, you may even find bugs at a rate that turns a profit at $100 a pop :D.
@berendjanwever @dlitchfield wait, can I just send them unique crashes and profit? In that case, with AVs, I think I could retire.
@berendjanwever @taviso not at all how that went down :) ... and as I said there are exceptions to every rule more often than not
@mkleczynski @taviso that's an odd definition of exception, please explain :)
@berendjanwever we left an open door, we want to encourage, not discourage, but want to start engaging with more security researchers
@berendjanwever @taviso @Shiftreduce also - sandbox stuff. It's not magic.