This is why bug bounties MUST NOT exceed the price a developer or tester would make in salary. This is why those $250,000 bug bounties for side channel vulnerabilities are too high. We're damaging the defense pipeline w perverse incentives for bug hunters. #bountySmarterNotHarder https://twitter.com/tsunamino/status/975108284175679488 …
to me, your points seem more applicable to bounties for normal software bugs than to this specific case
Twitter isn't the place to debate this. I've been saying that there's a point where bug bounties won't get you what you want. Go too high, you kill your hiring pipeline. Higher skilled folks don't want to gamble, exactly right. This is the price point of perverse incentives.