So you’d rather this happen? That is the question I asked.
Because this is explicitly what happens when a company doesn’t have a good process for accepting and responding to exploits.
The onus should entirely be on the company to invite researchers to find and report exploits in a responsible way. They are the ones at risk of losing millions of dollars over an exploit.
Because this is explicitly what happens when a company doesn’t have a good process for accepting and responding to exploits.
The onus should entirely be on the company to invite researchers to find and report exploits in a responsible way. They are the ones at risk of losing millions of dollars over an exploit.