... if the full-disclosure cause needs more ammo: releasing 0-day will bring much more revenue in publicity, especially with site & logo :)
-
-
-
@berendjanwever What if you don't want to be arrested for finding vulnerability in a web service/vs a self-hosted application? -
@berendjanwever There is a distinction. -
@jtl999 Please note that I did not say releasing 0-day is always the better option. -
@jtl999 I'm saying most vuln reward progs undervalue the work, whereas releasing (0-day) vulns with site+logo to the media overvalues them. -
@berendjanwever Excellent point
End of conversation
New conversation -
-
-
@berendjanwever FML, can't have the best of both worlds, stop whinging about payouts#asshurtcantfind0daybuyerThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.