ghiculescu | 5 months ago

If that’s the case, then why do companies run bug bounties?

I’m asking earnestly; it seems like if nobody actually cares about these gaps then there shouldn’t be an economic driver to find them, and yet (in many companies, but not Burger King) there is.

Is it all just cargo culting or are there cases where company vulnerabilities would be worth something?

StrauXX|5 months ago

Oh no. They do get exploited. Just not bought. Buying vulnerabilities is by itself time-intensive, complex work. Grey market escrow, finding trusted sellers and buyers, etc. So buying and selling vulnerabilities only really happens for really impactful and generally useful ones.