Hacker News new | past | comments | ask | show | jobs | submit login

Good reason to not disclose to Google.

Instead, you should sell the exploit on the exploit dealers sites. This is easily worth $300-500k

But not now. And you have the 'privilege' of being dicked around with people googling you.




Maybe having morals is worth $230k to the author.


You can say that, but he was going to get $0 if he already didn't have internal connections to google.

If these companies try to cheap people out of what bounties they offer, then they need reminded that they're not the only game in town that'll pay for exploits.


This is the correct takeaway. It's damaging to their reputation to not admit the error and cheap out like this. I would hope they at least split the bounty between the two researchers, the one who initially raised it (but didn't complete their report?) and this one that had a fully documented chain.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: