
> They buy vulnerabilities from researchers...

or provide an opportunity for the original developers to introduce an obscure backdoor and cash out




That's an interesting take on the situation.

Was there any instance of this? Are there disincentives against this? (I guess the entity offering the bounty could say, only software released before this day is available. Though malicious contributors can very certainly guess that there will be other future bug bounties too.)


> Was there any instance of this? Are there disincentives against this? (I guess the entity offering the bounty could say, only software released before this day is available. Though malicious contributors can very certainly guess that there will be other future bug bounties too.)

I believe some time ago there was news surrounding backdoored crypto. Also, on the low-level side of things, there was a secret rootkit in Street Fighter that allowed for an EOP.

https://github.com/FuzzySecurity/Capcom-Rootkit

https://www.blackhat.com/docs/eu-17/materials/eu-17-Filiol-B...


Impossible. Our ego is too high to allow a bug in our code.


Higher than a pile of banknotes that together make half a million dollars? I doubt that.



