
> 2025-05-15 - Panel awards $1,337 + swag. Rationale: Exploitation likelihood is low. (lol)

Oh, so this is how vendors are going to start playing it to minimize bug bounty costs, huh? Good luck with that. The whole point of the award being a decent chunk of change is to make responsible disclosure more appealing to researchers who might otherwise go the other direction.



I run the BBP at work and we have gotten great reports from it that I'm really glad we didn't find out the "bad" way.

But I kind of think that, instead of any person or group of people choosing between "submit to a BBP" or "sell a 0-day to evil state actors or dark web clients", a BBP is better seen as allowing you to employ stunningly smart and ethical researchers in India (where a $2k bounty goes pretty far) to find all your vulns ASAP so that you have way fewer vulns for the actual bad guys to find. A pretty good "High" vuln is so valuable to people like CIA, FSB, Mossad, etc., not to mention terrorists, money launderers, etc., that it would be hard to compete with those guys financially if we were dealing with strictly economically rational but amoral researchers.

We've paid thousands to a couple of the same researchers, and it's money well spent.



