Hacker News new | past | comments | ask | show | jobs | submit login

Beware of the chilling effects of collecting Google bounties, they will claim a reward is invalid if you've blogged about the vuln outside of their timetable.



Isn't that common sense? If you disclose the bug publicly before it's patched you won't get the reward...


Sort of. But Google has a history of how it treats independent researchers.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: