
I think the GP had it: Key stakeholders were not interested in a real bug bounty. The bug bounty project was a Public Relations exercise.

Being able to say "we have a $30,000 bug bounty program and nobody has claimed it" would be extremely attractive.



I think it's more probable that they had the right intentions in the beginning, but then realized how much money these vulnerabilities might cost to fix because they had no easy way to resolve them without recalls. So rather than fix the issues and lose millions of dollars they just tried to hide them.


Everything by DJI, even the freaking batteries, has updatable firmware. Recall need unlikely.



