Michael Snoyman on Nostr: It’s common practice to either have a bug bounty program as a product, or as a ...
It’s common practice to either have a bug bounty program as a product, or as a white hat hacker ask for reasonable compensation during disclosure. Unsurprisingly there’s also a lot of scamming. I had a customer who got conned and paid 3.5 ETH for fake vulnerability disclosures.
Published at
2025-01-31 11:18:33