
>Further, had he been less than honest, he may have been able to leverage the code itself to find more than one $500 bug.

I'm not sure I agree with this particular argument; it essentially reduces the concept of a bug bounty to blackmail. This mindset is not a constructive one.

The tester should get rewarded for their hard work and helpfulness, not the decision to follow the law.



I think he meant scan the source code for security issues and then report those bugs one by one ...


That is what I meant, I should have been more clear.


It was perfectly clear, I don't know what the parent is on about with blackmail.


I thought it was pretty clear :-)


How is that dishonest? It sounds like a great way to improve security and get bounties.


I'm sure (paying) customers will be totally fine with Prezi's source code being available to anyone who wants to try to hack the site.


I fail to see how that has anything to do with honesty. The source was leaked accidentally.



