← Back to context

Comment by lstodd

1 month ago

It didn't become any more vulnerable.

This is security, you have to have procedures for when you get owned; the bug bounty program is orthogonal to that.

If they wiped prod db and put up goatse on my site I would have still paid and said thank you provided I was told how that was done.

> It didn't become any more vulnerable.

That depends on how secret the URL was. If you go from needing an exploit to just visiting a guessable link, that's significantly more vulnerable.

> If they wiped prod db and put up goatse on my site I would have still paid and said thank you provided I was told how that was done.

Well most people wouldn't, and for good reason.