Domain: hackerone.com
Stories and comments across the archive that link to hackerone.com.
Comments · 4
-
Re:The only thing that I find annoying
Here's one example, the first google result I got when I searched "firefox exploit access local files"
https://blog.mozilla.org/secur...Would this have been an exploit if Firefox had locked down local file access?
Here's another one, reported to the tor project, which was using Firefox
https://hackerone.com/reports/... -
Re:Not enough
The very fine summary says the $1k is "on top of any reward you get from the app developer." Apparently the rewards for, e.g., Snapchat, range from $250 to $15,000.
Who is paying for painstaking analysis? You might find a bug randomly. Personally, I would be pretty likely to ignore it, but $1k is probably enough incentive for me to formally report it. For that matter, I am quite sure Google and the other companies *do* pay for painstaking analysis, but a lot of bugs are going to be exposed by simply encountering them rather than meditating about source code.
Criminals may pay more but they're probably not going to pay anything for bugs they already know about, they might pay you nothing anyway (hey, they're criminals), you might be one of those honest folk who won't sell to them regardless of what they're paying, you might be dishonest but not motivated to seek out an unknown disreputable buyer when you have easy money right in front of you, etc. Being an honest person, without a bug bounty program finding that bug is worth $0 to you.
Anyway, isn't it a bit contradictory to complain that the money isn't enough to incentivize looking for bugs but then to also complain that it's creating a bunch of people looking for bugs who don't get paid?
-
Re:FAIL
-
Re:The Internet?
https://hackerone.com/internet
Sounds like protocol vulnerabilities and common implementation vulnerabilities would fall under this section.