Quote:
Originally Posted by rowan
Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.
Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.
There's a startup idea for you.  |
Brilliant idea!
With their "hackers bounty" publicity blitz the last few days they'll get a lot of people like me interested, until they read the scammy terms, and I'm not hacker.
With my previous posts "helping" Pornhub you never get public, or private, thanks but see they act on it later, with me at least once that I can remember. There's seemingly more tangible known monetary benefits to not disclosing and using to someone's benefit.
I'm sure my last post will receive the same lack of acknowledgement, let alone gratitude from Pornhub, and that's fine
