Craig Hockenberry on Nostr: A not fun fact: I didn't get a security bounty for a macOS release that was done ...
A not fun fact: I didn't get a security bounty for a macOS release that was done specifically to address an issue I found.
https://mjtsai.com/blog/2024/05/14/no-bounty-for-kernel-vulnerability/
The rational was that I disclosed the issue publicly. Which I did after reporting it in the beta releases, and after they said “we're unable to identify an issue in your report”, AND AFTER THEY RELEASED THE FUCKING VULNERABILITY.
https://mastodon.social/@chockenberry/111580066311950281
I have no energy/desire to argue with Apple, but this ain't a good look for a $3T company.
https://mjtsai.com/blog/2024/05/14/no-bounty-for-kernel-vulnerability/
The rational was that I disclosed the issue publicly. Which I did after reporting it in the beta releases, and after they said “we're unable to identify an issue in your report”, AND AFTER THEY RELEASED THE FUCKING VULNERABILITY.
https://mastodon.social/@chockenberry/111580066311950281
I have no energy/desire to argue with Apple, but this ain't a good look for a $3T company.