@jedisct1 truth is finding bugs is "solved problem" for many vendors. Bounty is pure PR. Employee-found bugs have little influence on bonus.
@jedisct1 Fixing bugs is a bigger problem than finding them for these vendors.
@jedisct1 @DefuseSec By paying money?
@LearnNetSec @jedisct1 If they pay, there's incentive to introduce bugs. If they don't, there's incentive to leak bugs & share profit.
@jedisct1 @DefuseSec from anonymous data collection..
“@jedisct1: How are company offering bug bounties handling vulns found by employees?” < I've always done bonuses