Quote:
Originally Posted by Bladewire
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else 
Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all. |
Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.
Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.
There's a startup idea for you.