From "No More Free Bugs" to "Stop with the Bug Bounties", the insatiable circle of infosec tweeter.
Replying to @nicowaisman
@nicowaisman Heh, what's the reference for that?
Replying to @scarybeasts
@scarybeasts @nicowaisman there are good and bad ways to run a bug bounty. I'm having trouble finding the value in IBB.
Replying to @dguido
@scarybeasts @nicowaisman I generally want a B.B. to collect data about vuln trends, monitor attack capabilities, ensure coordinated release
Replying to @dguido
@scarybeasts @nicowaisman In IBB, all data was already public and release already coordinated. I could find better ways to use those $$$.
Replying to @dguido
@scarybeasts @nicowaisman As a researcher, IBB won't influence my work since there are no clear rules for who wins, comes months after.
Replying to @dguido
@dguido @nicowaisman Actually, we do get researchers coming back for repeat business. Injecting cash into whitehat research works.
Replying to @scarybeasts
@scarybeasts @nicowaisman I mentioned this to @lcamtuf earlier, but I'd enjoy seeing public analysis of bounty data from your team.
Dan Guido Retweeted Dan Guido
@scarybeasts @nicowaisman @lcamtuf For the IBB: what are goals, how/if you met them, how you measured, at what cost https://twitter.com/dguido/status/517104221045678081 …