Adobe launches cashless bug bounty

Adobe has launched a bug bounty program that hands out high-fives, not cash. The web application vulnerability disclosure program announced today and launched last month operates through HackerOne used by the likes of Twitter, Yahoo!, and CloudFlare, some of which provide cash or other rewards to those who disclose security …

  1. FF22

    You want your vulnerabilities traded in underground forums?

    Because that's how you make sure your vulnerabilities are not disclosed to you, but traded in underground forums.

    1. Ole Juul

      Re: You want your vulnerabilities traded in underground forums?

      That makes perfect sense to you and I because we understand the basic mechanism of competition. Unfortunately, Adobe has never heard of it. Perhaps they will soon.

      1. the spectacularly refined chap

        Re: You want your vulnerabilities traded in underground forums?

        "That makes perfect sense to you and I because we understand the basic mechanism of competition. Unfortunately, Adobe has never heard of it. Perhaps they will soon."

        They can work if the level of prestige is high enough. Donald Knuth stopped handing out bug report cheques a few years ago because of fraud but no one ever cashed them - far better to frame it and hang it on the wall.

        Which was in fact the problem - too many scanned images of the cheques online, complete with valid bank details, which is why he had to stop it.

        However, that's a personal reward from a world renowned expert whose prestige is inflated on that basis. This is another utterly pointless metric to go along with your Facebook friends, Wikipedia edit count, Stack Overflow rep, Yahoo Answers points and so on almost ad infinitum. All of them essentially boil down to how much time you are willing to waste on something for no gain instead of any actual skill.

        1. Anonymous Coward

          Re: You want your vulnerabilities traded in underground forums?

          "This is another utterly pointless metric to go along with your Facebook friends, Wikipedia edit count, Stack Overflow rep, Yahoo Answers points and so on almost ad infinitum."

          You missed out El Reg Bronze\Silver\Gold badges.

          1. Paul Crawford Silver badge
            Trollface

            Re: You want your vulnerabilities traded in underground forums?

            Feeling sad you don't have one?

            1. Anonymous Coward

              Re: You want your vulnerabilities traded in underground forums?

              You've sussed me.

              I'm a shallow, petty individual who craves meaningless on-line trinkets.

              I cry myself to sleep at night for not having attained an El Reg badge.

              1. Paul Crawford Silver badge
                Thumb Up

                Re: You want your vulnerabilities traded in underground forums?

                Well played Keef

              2. Anonymous Coward
                Pint

                Re: You want your vulnerabilities traded in underground forums?

                @keef - I thought the silver badge was stupid and pointless - until El Reg sent me my gift card for the lifetime supply of free beer.

                Cheers!

                1. Steven Raith

                  Re: You want your vulnerabilities traded in underground forums?

                  I never got a gift card for free beer.

                  Clearly, my contributions aren't as valued as some people's :-(

                  Steven "dry week" R.

        2. Anonymous Coward

          Re: You want your vulnerabilities traded in underground forums?

          Electronic payment method rather than physical the obvious alternative.

    2. Captain Scarlet

      Re: You want your vulnerabilities traded in underground forums?

      Why do I get the feeling you watch the Cartoon Archer (If you are unsure it's about complaints in regards that's how you get ants).

      1. Steven Raith

        Re: You want your vulnerabilities traded in underground forums?

        I got that too.

        Also, El Reg badges can't have that much value garnered to them; I have one, and I'm well known for talking utter tat on most occasions.

        Steven R

  2. John Tserkezis

    The absolute best that could possibly come out of this, is Adobe cares so little about the maintenance of their products they don't want to pay their employees anything to fix the issues.

    The worst is all the way at the other end of the spectrum.

    Guess which way it'll go...

    1. Anonymous Coward

      Exactly, good scope. This is the bigger picture compared to the fact of the day which is that Adobe is cheap.

  3. WatAWorld

    The problem is cost.

    The problem is cost.

    Thousand dollar, even hundred dollar bounties are out of the question.

    Adobe would go broke if it merely tried to buy a cup of coffee for everyone who found a bug.

    1. The Mole

      Re: The problem is cost.

      They could at the very least give free subscriptions to their online services - that has a real cost of zero and would encourage people to continue looking for further issues.

      1. Anonymous Coward

        Re: The problem is cost.

        "...a real cost of zero"

        1. Apparently not. I'm guessing that people that are paying to use their online services are getting hacked and asking for retribution. That is really just a guess, I have 0 proof of this, but it seems possible (or probable given it's Adobe).

        2. You've been getting "Flash" free for years...at zero cost?

  4. wobbly1

    "Adobe launches cashless bug bounty" let's hope they soon have a cashless balance sheet and reserves. Outmoded business model of exploiting legacy file format cash cows.

  5. Mephistro
    Facepalm

    Great idea!

    Instead of wasting money rewarding the monkeysresearchers for their work, they offer instead a virtual badge that will give the researchers as much true social recognition as farting aloud in crowded rooms.

    Adobe's CEO (to himself): "I can envision thousands of hackers queuing at Adobe's HQ. For the first time in history, Adobe's products will be bug free!!!. A new age is coming for Adobe!!!"

    And then he ran out of bath salts.

  6. Anonymous Coward

    So you have the choice of cash from dodgy people or nothing from Adobe?

    Tough choice :)

  7. John Smith 19 Gold badge
    FAIL

    Adobe : We don't pay our *staff* to find bugs in our code

    WTF would we pay anyone else to do so either.
