The whole "We're not going to pay you because of something secret we know you didn't" has always been an abusive clause in the whole bug bounty market and I think it's funny people are just realizing it.
I busted ms in telling two submitters that the other one was the first and therefore not paying anyone. The did not expect I could quote their answer to random other submitterpic.twitter.com/9IcI7tXeab
-
-
and of course no reply- it was so frustrating, they just started making up outrageous lies about why it wasnt eligible. When i then replied why it wasnt true I was just ignored. It stopped when they realized there now was 700.000 other eyes following the case...
-
this is some insurance claim denial level bullshit is it sop to hide disclosure until they receive two reports of the same bug then admit it was reported already to both reporters as a bounty payout loophole?
End of conversation
New conversation -
-
-
acting like we all don’t know each other out here
-
Ive had nothing but good experiences reaching out to other researchers when I felt there was something not right. Latest rejection was because they did 1 year + long rewrite of group policy system.
- Show replies
New conversation -
-
-
This Tweet is unavailable.
- Show replies
-
-
-
How do you know there wasn't some 3rd researcher faster than both of you? Did MS disclose the ID of the "first" submitter/submission?
-
because they admitted it after https://twitter.com/jonasLyk/status/1282945750746509313 … how i knew it before? it was a bug class i invented.... exploited with a driver obviously not looked at before and at that time i had 0 trust in ms
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.