Comment by jejeyyy77
4 months ago
it never made sense to me why these white-hat hackers don't require payment before disclosing the vulnerability
4 months ago
> it never made sense to me why these white-hat hackers don't require payment before disclosing the vulnerability
Bug bounty people do this all the time. It's almost always a sign that your bug is something silly, like DKIM.
Later
I wrote this comment before rereading the original post and realizing that they had literally submitted a DKIM report (albeit a rare instance of a meaningful one). Just to be clear: in my original comment, I did not mean to suggest this bug was silly; only that in the world of security bug bounties, DKIM reports are universally viewed as silly.
what does it mean to say a bug is silly?
only thing that matters is the severity and what it allows the attackers to do.