Did I miss it? I don't see anywhere the author said "I think this Facebook bug is worth more than XY dollars". It is obviously worth more than the $5,000 bounty given to someone willing to exploit it. Being able to harvest the email address of any arbitrary Facebook user would be worth much more than $5,000.
If bug bounty hunters are making a calculation of whether to report or sell on the black market, a bug like this would fetch a very large price. I hope people don't add shades of gray, or stripes of black, to their hats with the discrepancies that are regularly reported.
I think they're referring to the comments where this already very dead horse seems to be regularly beaten whenever a bug bounty is discussed. Much like Google Reader was (is?) on every article about Google, Facebook is evil, etc.
I'm kind of torn about it since I've come to realize that new readers won't have the same reaction to the drudgery of reading these repetitive arguments, so they may have value, but it's pretty annoying if you're a regular reader. It's easy enough to ignore it and/or hide it, but if you feel strongly about it one way or another, a compulsion to make sure your side is accurately and convincingly represented tugs at you.
Even at $5000 this set a personal high payout record for me. The easy legal money is better than taking a risk in a grey area such as selling exploits on the darknet. May not be as profitable this way, but I have no complaints and an extra 5k 2 days before xmas is a hell of a gift imo.
Hah. That's why I pointed out that you weren't one of those who complained about the payout. I just found it odd that someone would say they didn't want that to be discussed. I think it's an important part of the discussion. I definitely agree -- easy legal money is always preferable to sketchy darknet money.
Exactly. And with my past it is much better to stick to the right side and not venture into grey areas. Prison is not fun, so would really like to avoid it more in the future.