Hacker News

My neighbor left their front door unlocked while they were on vacation. I kindly locked their door and notified them and they sent me a nice bottle of wine in thanks. What a total slap in the face. A security vulnerability like that, I should be entitled to at least a home-cooked dinner invite. Now if you'll excuse me, I have a whiny blog post to write and I will also be embarrassing myself on Twitter via a series of self-entitled rants showing to the world how insecure I am.



One unlocked front door does not equate to a vulnerability allowing anyone to take over your @yahoo.com email account, unless of course in that house there was a file cabinet full of other people's personal information.

According to the Google reward program (http://www.google.com/about/appsecurity/reward-program/), a vulnerability of this type seems to be worth somewhere in the $5,000-$10,000 range.

Granted, the security researcher lamenting the lack of Yahoo's appropriate bug bounty program has no right to be righteously indignant about a gift certificate, but it seems clear now that Yahoo knew there was a problem with their bug bounty program and were in the process of fixing it anyway. I have no idea how much money such a vulnerability would be worth on the black market, but I suspect it is more than $12.50.

If I am ever in a position fortunate enough to have to make this sort of decision, I can say that I will be keenly interested in keeping these security researchers on my side. That appears to be exactly what Yahoo is doing now, so kudos to them!


So you're saying:

  neighbor family : nice bottle wine :: hundreds of thousands of customers : t-shirt

Hmmm. Your value function appears not to monotonically increase.


do something nice for someone where they offered no reward : they gave me something because they thought it was nice

do something for someone who never offered to give you anything but you expected a thousand dollars anyway : they gave me something because they thought it was nice


Except replace neighbor with corporation worth millions if not a billion and millions of users, unlocked door with door wide open, and vacation with home 24/7.

Also, if a nice bottle of wine costs $100 from a neighbor making a median of 100K a year, scale it up to a company with the profits of Yahoo and do the math on a t-shirt.

What's it worth to Yahoo if someone finds an exploit that can expose all users? A friendly smile and handshake? Or another snarky reply on the internet?


Perfect reply, reframing the situation nicely.


Is it?

Let's see, the average monthly income in the states is about $4k. A decent cheap wine bottle is about $10.

Now compare that to Yahoo's income and that $12 store credit they gave him.

A more accurate scenario would be if the neighbours sent him the wine cork.



