Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Don't pay the bounty for the bug then. Pay it for identifying the weak links in the security-reporting chain. The links that shrugged the bug reporter off, from the start; didn't have, at the very least, some boilerplate to guide the reporter; didn't have avenues or rules for non-English speakers.

For all we know, the reporter might have thought, "This will never work" or is not up to speed on or didn't understand the rules. Facebook certainly didn't help him, at every turn, including the last email "Sorry, l2p."



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: