consumer451 2 hours ago

I am far from the halls of corporate decision making, but I really don't understand why bug bounties at trillion dollar companies are so low.

arcfour 2 hours ago | parent [-]

Because it's nicer to get $10k legally + public credit than it is to get $100k while risking arrest + prison time, getting scammed, or selling your exploit to someone that uses it to ransom a children's hospital?

consumer451 12 minutes ago | parent | next [-]

Thanks, great answer. I was just thinking from a simple market value POV.

kspacewalk2 an hour ago | parent | prev [-]

Is it in fact illegal to sell a zero day exploit of an open source application or library to whoever I want?

IggleSniggle an hour ago | parent [-]

Depends. Within the US, there are data export laws that could make the "whoever" part illegal. There are also conspiracy to commit a crime laws that could imply liability. There are also laws that could make performing/demonstrating certain exploits illegal, even if divulging it isn't. That could result in some legal gray area. IANAL but have worked in this domain. Obviously different jurisdictions may handle such issues differently from one another.