Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
alexcnwy
on March 3, 2019
|
parent
|
context
|
favorite
| on:
Teen Becomes First Hacker to Earn $1M Through Bug ...
The company posting the bounty. Third party verifies the bug. Why sarcastic?
vertex-four
on March 3, 2019
[–]
Why doesn’t the third party publish the data themselves then?
alexcnwy
on March 4, 2019
|
parent
[–]
The third party doesn't know about the vulnerability. Company C posts bug bounty B in contract. Researcher X discovers vulnerability. Validator Y confirms the vulnerability and X gets paid (1-f)B where f is validator fee.
vertex-four
on March 4, 2019
|
root
|
parent
[–]
OK, so why doesn't Y hold the money as well, given that they're in the position of deciding whether or not X gets it?
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search: