Obvious reference is obvious: http://theoatmeal.com/comics/exposure
Analytics firm New Relic has coupled up with vuln disclosure firm HackerOne as part of a “responsible disclosure program” for bugs. But while it pledges not to take legal action against anyone spotting a hole, it won’t be ponying up cash for them either. Instead, New Relic is banking on researchers, or just the curious, being …
Didn't You Know?
Exposure is an acceptable form of currency to pay your mortgage and rent.
"No you won't get paid for doing our jobs for us. But look on the bright side, at least we won't get you jailed."
Where do I sign up?
Well at least the tight bastards stated it upfront rather than trying it on after the work is done. It's still going to burn them, though.
It's still going to burn them, though.
Ooooh yes. I suspect there will be exposure. Just not quite the kind they were hoping for.
I think there are better ways to search for vulnerabilities than painting a big red target on your back, but that's just me.
I prefer bugcrowd personally - which gives both cred + cash / swag: https://www.bugcrowd.com
I thought the entire point of Bug Bounties was to make being a Whitehat more profitable than being a blackhat, thereby nudging the grayhats into doing the right thing(tm).
Show us our vulnerabilities and get exposure and street cred!
Terms and conditions apply. Violating our terms and conditions may result in prosecution.
Shady onion site:
Show us New Relic's vulnerabilities and get CASH! Anonymity Guaranteed! Jail? No way, we're really the NSA!
Charge the White Hats
White hats should be charged for finding bugs. Perhaps $50 for minor bugs and $1000 for major bugs. This would help defray the costs of correcting code and pay for the printing of frameable certificates of appreciation. Frames are extra.