You can say that, but he was going to get $0 if he already didn't have internal ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

noasaservice on Nov 10, 2022 | parent | context | favorite | on: Accidental Google Pixel Lock Screen Bypass

You can say that, but he was going to get $0 if he already didn't have internal connections to google.

If these companies try to cheap people out of what bounties they offer, then they need reminded that they're not the only game in town that'll pay for exploits.

joecool1029 on Nov 10, 2022 [–]

This is the correct takeaway. It's damaging to their reputation to not admit the error and cheap out like this. I would hope they at least split the bounty between the two researchers, the one who initially raised it (but didn't complete their report?) and this one that had a fully documented chain.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact