undefined | Better HN

0 pointssgift12y ago0 comments

Sure, but the PR will be far more shitty if the reaction of the next hacker is "Sorry, I could have told you about this bug, but I have heard that you don't honor your bounty agreements, so I have sold it to others - Have fun!"

0 comments

borplk12y ago

Facebook is not worried about that at all.

Whitehat bounty program, as the name implies, is for whitehat hackers.

And whitehat does not mean "Will not sell in black market as long as there's good enough bounty money to be collected".

Facebook is not competing with or outbidding black market rates.

If someone is the kind of hacker who would just go and sell the bug in the black market, Facebook would not want to pay them in the first place.

The purpose of bounty programs is NOT to "encourage black hat hackers to sell their bugs to us instead of black market", but rather it is "encourage white hat hackers to challenge our application instead of millions of other applications out there".

j / k navigate · click thread line to collapse