tptacek 5 hours ago

Nobody is buying this vulnerability. If you're unhappy with how a bug bounty program is structured, you should absolutely just post the vulnerability. That's a longstanding norm.

strken 3 hours ago

What makes a vulnerability saleable? Is this one not valuable because the government clients of someone like Memento Labs don't care about a MITM attack on desktop computers?

akerl_ 3 hours ago

Generally the vulnerabilities you can sell for money are ones that somebody can easily use to make money, as part of an existing money-making scheme they have.

If the vuln can’t be used to make money, or the way it makes money requires that a criminal enterprise make up a whole new set of workflows, it’s not going to have much of a market.

jnwatson 3 hours ago

Correct.