Comment by naeioi
3 days ago
The bounty could be very high. Last year one bug’s reporter was rewarded $250k. https://news.ycombinator.com/item?id=44861106
3 days ago
The bounty could be very high. Last year one bug’s reporter was rewarded $250k. https://news.ycombinator.com/item?id=44861106
Maybe google is an exception (but then again, maybe that payout was part marketing to draw more researchers).
So is there anything that would actually satisfy crowd here?
Offer $25K and it is "How dare a trillion dollar company pay so little?"
Offer $250K and it is "Hmm. Exception! Must be marketing!"
What precisely is an acceptable number?
One is a lament that the industry average is so low, and the other is… a lament that the industry average is so low. What's the problem?
An increase in the average bug payout. Bounty programs pay low on average.
A number better than what the exploit could be sold for on the black market
9 replies →