Paying once for first blood and then in a lottery for the duplicates. Yay/Nay?https://twitter.com/mik235/status/946132300646858752 …
-
Show this thread
-
-
Replying to @mik235
Lottery, but maybe reward should also be reduced to discourage colusion.
2 replies 0 retweets 0 likes -
Replying to @sirdarckcat @mik235
I think the current approach is optimal, the obvious attack against a lottery is to always report issues through a dozen pseudonyms to give yourself the best odds. Even for split, no downside to reporting dozen times to reduce share of other reporter, no?
2 replies 0 retweets 2 likes -
Correct, if you report a dozen times, other finders get a smaller share. This screws up other people, but provides no financial incentive to the cheater.
1 reply 0 retweets 0 likes -
Replying to @sirdarckcat @mik235
I don't understand, the bug is reported by two people, but I report it using ten personas. Don't I get total/11 * 10, and the other person gets total/11?
2 replies 0 retweets 0 likes -
You would need to reduce the "pool" on every new duplicate. Original bug worth $1k. First finder gets $1k on triage (+$1k on fix). First dupe, lottery for $1k on fix. 2nd dupe, lotto for 500 on fix. 3rd, lottery for 250 on fix. 4th, lotto for 125. 5th gets nothing (for ex)
1 reply 0 retweets 1 like -
Replying to @sirdarckcat @mik235
I see, so if five people submit the bug, nobody gets anything? I think this does remove the incentive for collusion, although people will get angry if you wait too long and cost them their bounty haha.
1 reply 0 retweets 2 likes -
Yea I mean we can make the pool reduce slower at the expense of making colusion just barely profitable, but at the end, if a bug is reported many times what can we do :-/
1 reply 0 retweets 0 likes
Eh, I like the current system. It's simple and fair, you can't make everybody happy.
-
-
Agree. Only thing is i would open the report/ticket to people the report a dupe
1 reply 0 retweets 2 likes -
Transparency here is deff good. And can also help make sure a more complete patch is put in place since all those that previously found it would in theory get to test the patch. Maybe reward them if they find a bypass to the patch
0 replies 1 retweet 2 likes
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.