Why shouldn't full-disclosure'd bugs be eligible for NN% of the reward? (looking for strong arguments against it)
-
-
Abusing a bug on a mass scale can be seen as full disclosure. You are technically making the bug public, but the perception is drastically lowered. So if I full disclose a bug in klingon, is it the same as abusing it? Food for thought I guess.
-
So if you only use a bug to compromise the vendor is that coordinated disclosure? It's a little insulting to equivocate full-disclosure and mass exploitation.
- 6 more replies
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.