This is why bug bounties MUST NOT exceed the price a developer or tester would make in salary. This is why those $250,000 bug bounties for side channel vulnerabilities are too high. We're damaging the defense pipeline w perverse incentives for bug hunters. #bountySmarterNotHarderhttps://twitter.com/tsunamino/status/975108284175679488 …
-
-
what kind of equipment would help with the development of attacks that are eligible for these bounties?
-
For some reason I thought physical attacks against things like SGX, PAVP and fTPM were in scope. Cloud bills for signal processing of lots of data aren't exactly cheap, but I dont think they're currently in the 6 figure range.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.