top | item 31804451

(no title)

Yes? That's how bug bounties work. Companies that care about their security pay for bugs. Those that don't, don't. Sony care, but $20k for this chain of bugs is pretty poor, especially when they offer up to $50k (for criticals). I'm curious why Sony think this is a High severity and not Critical.

EDIT: looks like it's not critical because of this https://twitter.com/theflow0/status/1535424299397369856

In which case, 20k still feels low, but not as unfair.

discuss

No comments yet.