The problem with such negotiation is that at the moment someone even describes t... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

sandworm101 on Nov 17, 2017 | parent | context | favorite | on: Walking away from $30,000 of DJI bounty money [pdf...

The problem with such negotiation is that at the moment someone even describes the bug they have found, they eliminate the possibility of selling to anything other than the BB program. If you describe your bug to them, but then the BB negotiations go south and you walk away, you are a suspect in any future exploit of that bug. So the BB program knows that they have the researcher on the hook from the moment he makes contact.

supergreg on Nov 17, 2017 [–]

What about publicly announcing it so anyone can make the exploit?

dingo_bat on Nov 17, 2017 | [–]

Or announce it publicly and then hack them yourself.

pc86 on Nov 17, 2017 | | [–]

Also known as "commit multiple felonies."

gatmne on Nov 17, 2017 | | [–]

I'd call it plausible deniability.

pavel_lishin on Nov 17, 2017 | | [–]

I'd also delete that comment, as it might harm any future legal defense.

pbhjpbhj on Nov 17, 2017 | | [–]

On the web there is no delete!

mkagenius on Nov 17, 2017 | | [–]

fun thread

Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact