Hacker News new | past | comments | ask | show | jobs | submit login

I’ve run into this with other vendors and really wished it’d get you CCed on updates so you didn’t have to ask for status periodically. It definitely doesn’t give a good impression when things drag out for aeons.



What's crazy is that it's 100% in the vendor's interest to keep this person happy, who they know can cause massive damage to their system, completely legally. The only leverage they have is the reporter's greed to get a bounty.


It's not greed to hold a company accountable to its promises of compensation.

Even so, surprisingly many researchers disclose a bug after setting a reasonable fix deadline, risking to forfeit compensation. Kudos to them!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: