Let's talk about bug bounties. My experience. And why I'm going to push my company to start one. It's not about money or mercenaries.
Replying to @SwiftOnSecurity
I'm not a hacker. But in my life I have come across many security issues I didn't bother to report. Because I "knew" they wouldn't care.
I'm a curious person. And my entire life I've found fascinating things that nobody else cared about. I've been conditioned to disregard it.
So one day I found a curious oversight by a company, with grave consequences. I was about to tweet it to 150,000 people. But I didn't. Why?
Because I knew someone at that company who cared. I knew they would take me seriously. I knew they were just as curious. They understood me.
I didn't tell them for money or notoriety. I told them because I knew they would respect me and do something if I told them. They understood
A bug bounty is similar. You're marking yourself as the 0.01% of companies who care. Who have someone designated to listen to people like me
a security@ contact listed on the website also has that effect though, at least somewhat