I feel like bug bounties are a subpar alternative to security consulting from the perspective of participants who can consult.
-
Maybe that's what the market wants for manual identification of XSS bugs on surface areas of X0,000 pages? I don't know; seems suboptimal.
-
Paying full high-end rate for someone to try 50000 XSS test vectors in each input's a waste, let the bounty find the low hanging ?
-
I'm not so sure. I find that "did they send email to the right address" filters out 90% of the chaff but none of the valid reports.
-
Combine that with "can they write coherently" and filtering bug reports is mildly annoying but not at all hard or time consuming.