Correct. The point of that tweet was saying that even when there's a bug bounty, AND even when an organization has a vuln reporting front door (meaning their regular security@apple.com email address), vulns might come in via social media, & to prepare to route them correctly. https://twitter.com/i0n1c/status/935608248027303936 …
-
Yup. For example I’ve wanted to slap bounty contact on GitHub templates but others objected due to noise.
-
I’ve given up on making people happy, I just try to get them secure as soon as I can. Happy is optional.