EndlessMason

joined 2 years ago
sorted by: new top controversial old
Check out the #pilet, SoulsCircuit's very cool retro-futuristic handheld tablet/console. in c/kde@lemmy.kde.social
A company appears to be abusing #BugCrowd’s #bugbounty program to hide essential details of a critical vulnerability. The company itself has rated the vulnerability as low severity. This has led many in c/cybersecurity@fedia.io
[–] EndlessMason@hachyderm.io 1 points 6 months ago

I forgot the sarcasm markers, sorry about that one.

I'm not super qualified in economics, but it kinda feels like you should either pay for the pentest and own the results, or not pay and not own it.

@harrysintonen@infosec.exchange

A company appears to be abusing #BugCrowd’s #bugbounty program to hide essential details of a critical vulnerability. The company itself has rated the vulnerability as low severity. This has led many in c/cybersecurity@fedia.io
[–] EndlessMason@hachyderm.io 1 points 6 months ago (2 children)

it sounds like you're really struggling to figure out what to do next lol

(don't forget to click the "pay out" button before doing anything hasty)

@harrysintonen@infosec.exchange

A company appears to be abusing #BugCrowd’s #bugbounty program to hide essential details of a critical vulnerability. The company itself has rated the vulnerability as low severity. This has led many in c/cybersecurity@fedia.io
[–] EndlessMason@hachyderm.io 1 points 6 months ago (4 children)

hey, so I'm just wondering

What is the penalty for breaching that ToS and how is it enforced?

And how would they demonstrate it was you, and your bug crowd account, and not a random anonymous blogger account that just happens to have found a similar vuln at the same time?

@harrysintonen@infosec.exchange