It's not that I disagree with your opinion; if I found a bug and I reported, all I'd really want to know is that they were taking it seriously. So a personal note would be great. And I love that this guy was, in the midst of dysfunction, just buying the t-shirts and sending them out because it was The Right Thing.
However, it is a little much for a for-profit, publicly traded company with $4 billion in annual revenue (mostly made from manipulating how their users spend money) to think that other people should do things for them for free.
I certainly miss the long-ago days when the Internet was an academic community, mainly free of commercial influence. And I love it when people rise above base commercial motives to do something more beautiful. But if we line people up based on their right to complain that the Internet is all crass and money-oriented these days, Yahoo, who led the first wave of Internet commercialization, surely must be near the back.
> However, it is a little much for a for-profit, publicly traded company with $4 billion in annual revenue (mostly made from manipulating how their users spend money) to think that other people should do things for them for free.
I'm not sure I understand this. Yahoo! did not have a bounty program that paid out money so if you were submitting a vulnerability you found it would be a little ridiculous to expect any remuneration.
My point here is that a for-profit company shouldn't expect random people to do nice things for free. Sometimes they do and that's great. But they shouldn't expect it.
The post I was replying to comes from a "let's all help each other out" perspective, which I like and is the mode I want everybody to be in. But the last people who should be pushing that line are those who are making billions of dollars. Especially so when those people are the ones who led the first wave of commercializing the internet.
It comes across to me as something like, "Hey, let's all work together so I can line my pockets."
I think the message he was portraying more is of the annoyance with someone showing up with a vulnerability and demanding a reward. The same way you might view someone mowing your lawn without your permission and then getting angry when you didn't pay enough for it.
However, it is a little much for a for-profit, publicly traded company with $4 billion in annual revenue (mostly made from manipulating how their users spend money) to think that other people should do things for them for free.
I certainly miss the long-ago days when the Internet was an academic community, mainly free of commercial influence. And I love it when people rise above base commercial motives to do something more beautiful. But if we line people up based on their right to complain that the Internet is all crass and money-oriented these days, Yahoo, who led the first wave of Internet commercialization, surely must be near the back.