top | item 46319276

(no title)

sammy2255 | 2 months ago

They've already proved themselves as competent. $50k a year to a billion dollar company is nothing. Even if they find 0 vulnerabilities a year it's still worth it to them

discuss

tptacek|2 months ago

I directionally agree with you but we could go another 20 comments deep on exactly what the purpose of an external pentest or red-team exercise is and how it might not match up perfectly with what an amateur web hacker is currently doing. But like: yeah, they could get into that business, at least until AI eats it.

wiether|2 months ago

So now they found a vulnerability, the company should pay them $50k a year until they retire because they proved themselves competent?

sammy2255|2 months ago

Yes?