mdbug | 3 years ago

You find it "interesting" that someone just wants to report a security vulnerability without having to accept any conditions first?

Funny, I find it interesting that they want to pay a bug bounty even though nobody asked for it. But I guess paying hush money is just cheaper than having to seriously fix the issue.

malaya_zemlya|3 years ago

>But I guess paying hush money is just cheaper than having to seriously fix the issue.

They did fix the issue, though.

Anunayj|3 years ago

They just marked something about the way the exploit was done as "malicious", without fixing the root problem or informing the reporter that they "fixed" it, instead claiming it was never there. That is very unprofessional!

And if these guys were to go through the NDA route, the company may choose just not to fix it at all, and tell these researchers to be quiet about it. And you'd never know there was ever such an exploit.