integralid 3 hours ago

TFA: >Discord is one of my favorite places to hunt for vulnerabilities since I'm very familiar with their API and platform. I'm at the top of their bug bounty leaderboard having reported nearly 100 vulnerabilities over the last few years. After you've gone through every feature at least 10 times, it gets boring.
Aachen 2 hours ago

That doesn't specify how many bugs existed in the Discord codebase throughout the time when this person was active. Only once you know that can you say whether they found a significant proportion relative to the effort they've spent and would spend as a part-time employee. That other people still find things also suggests that the statement above ("just hire him and you're secure") might have been a bit simplistic.