Comment by Rygian

Comment by Rygian 7 hours ago

Don't waste your time and money on funding bug bounties or "getting audits done". Your staff will add another big security flaw just the next day, back to square one.

Spend that money in reorganizing your management and training your staff so that everyone in your company is onboard with https://owasp.org/Top10/2025/A06_2025-Insecure_Design/ .

staticassertion 3 hours ago

If part of the problem was that no one was responding to a vulnerability report then a bug bounty program would potentially address that.

Reply View 2 replies

liveoneggs an hour ago

you just get spammed with the same three fake reports over and over

Reply View | 1 reply
- staticassertion 27 minutes ago
  
  Triage is something that these services provide, exactly to deal with that.
  
  Reply View | 0 replies

liveoneggs an hour ago

good try :)

Reply View 0 replies