Since the @Pwn2Own_Contest bounties for hacking a Tesla are higher for similar categories of bugs that are offered year-round in Tesla's ongoing regular bug bounties (max $15k per issue), they've just incentivized hackers to hold their bugs until the contest.
#perverseincentives https://twitter.com/iblametom/status/1084920835402534913 …
-
Marketability of zeroday research without an active threat was a challenge I faced at Talos. Businesses care a lot more about a botnet with trivial or no exploitation capability at all than your sandbox break out kernel vulns that you just have in your pocket.
-
I think this is where @dmolnar and Project Springfield gets it right positioning zeroday research as risk management to balance the scale against threat management.
-
I'm pretty sure a lot of the tech press would still be interested. A really clever and/or interesting hack is as good as a zero-day in my book.
-
In their (media's) defense, if the bugs aren't "0days" they might have to have nuanced coverage as opposed to "omg0day"! Sounds like a lot of work...
-
Then the priority is stunt hacking, not security.
