I sometimes do these bug bounties and some of these are just...
I mean Uber critical max payout is... $15.000. These are bugs that leak out client data and could possible damage the company for millions. I've had companies that argued with me that loss of client data wasn't critical but minor. Some even just give a bounty of $250.
Not that this excuses the behavior of hackers leaking confidential data but companies easily pay millions for anti-virus software that only detects well-known viruses but skimp on zero-days in their own software.
I mean Uber critical max payout is... $15.000. These are bugs that leak out client data and could possible damage the company for millions. I've had companies that argued with me that loss of client data wasn't critical but minor. Some even just give a bounty of $250.
Not that this excuses the behavior of hackers leaking confidential data but companies easily pay millions for anti-virus software that only detects well-known viruses but skimp on zero-days in their own software.