undefined | Better HN

0 pointsEForEndeavour5y ago0 comments

Great way to alienate the hacking community. That would work only a small number of times before word spread not to bother even trying that company's disclosure program.

0 comments

NoodleIncident5y ago

That's how we got here. This is the word

hutzlibu5y ago

But is it a fact, or just rumor?

eitland5y ago

It is fairly well known that certain large companies are really stingy.

I'm not into this but once discovered a kind of security related bug (could reveal details about the composition of a password typed into a new Windows 8 password field, admittedly low value as you had to have the user type in the password and leave) and later found a more interesting issue in the way an official powershell module works with Azure Information Security that makes it possible to sneak a file through unencrypted.

On the first I got a nice thank you mail and on the last I struggled so hard to report it that I gave up.

philipov5y ago

Well, the question was why someone wouldn't use the company's disclosure program, so that's the point.

cwkoss5y ago

Have you ever tried to participate in a bug bounty program? I've tried a couple and the experience has been consistently disappointing, but maybe there are some better ones.

j / k navigate · click thread line to collapse