Comment by keraf

Comment by keraf 8 days ago

13 replies

I'd love to see this happen to every billion dollar company that doesn't have a bug bounty program. Offering zero incentive for reporting a vulnerability just encourages hackers to exploit it for their own advantage or to wreak havoc.

As a paying customer, I expect better from these companies and personally wouldn't blame the hackers for exploiting their findings if no program exists.

TechDebtDevin 8 days ago

Well, the Federal Government certainly wouldn't agree with you. Give it a go though!

  • IntelMiner 8 days ago

    The Federal Government? Thank goodness these companies only operate in one country. Or we've finally succeeded in uniting under one singular world government.

    • TechDebtDevin 8 days ago

      In case you haven't noticed, the FBI charges hackers across the world on a frequent basis. And you should fear them regardless of what country you're in if you're going to be messing with American companies. I've worked at companies where the FBI caught our engineers that were offshore stealing IP. The company didn't have a clue. They are watching anything and everything that concerns American interests, and yes, there are no jurisdictions/borders stopping them, outside of Russia, Iran and NK ofc.

      • _AzMoo 8 days ago

        How does the FBI arrest somebody outside of the US?

  • InDubioProRubio 8 days ago

    Can't have fitness stress tests for the big guys. They need protection for lazy execution of minimal efforts.

batch12 8 days ago

I think that's called ransomware

  • keraf 7 days ago

    Or negligence :-)

    • batch12 6 days ago

      What if the billion dollar company has a responsible disclosure process and internal vulnerability management program and has just decided not to pay for unsolicited bug reports? Where is the negligence?