This is why bug bounties MUST NOT exceed the price a developer or tester would make in salary. This is why those $250,000 bug bounties for side channel vulnerabilities are too high. We're damaging the defense pipeline w perverse incentives for bug hunters. #bountySmarterNotHarder https://twitter.com/tsunamino/status/975108284175679488 …
-
Twitter isn't the place to debate this. I've been saying that there's a point where bug bounties won't get you what you want. Go too high, you kill your hiring pipeline. Higher skilled folks don't want to gamble, exactly right. This is the price point of perverse incentives.
-
Come on Katie -- you don't get to start a Twitter thread with a strong opinion and then state that Twitter isn't the place to debate this. Or, rather, you do -- but the optics are pretty rough to the bystander :)