back to article New Relic offers security researchers cred – not cash – for bug reports

Analytics firm New Relic has coupled up with vuln disclosure firm HackerOne as part of a “responsible disclosure program” for bugs. But while it pledges not to take legal action against anyone spotting a hole, it won’t be ponying up cash for them either. Instead, New Relic is banking on researchers, or just the curious, being …

  1. Anonymous Coward
    Anonymous Coward

    Obvious reference is obvious: http://theoatmeal.com/comics/exposure

    1. wolfetone Silver badge
      Coat

      Didn't You Know?

      Exposure is an acceptable form of currency to pay your mortgage and rent.

      #Fact.

  2. Ru'

    "No you won't get paid for doing our jobs for us. But look on the bright side, at least we won't get you jailed."

    Where do I sign up?

  3. moiety

    Well at least the tight bastards stated it upfront rather than trying it on after the work is done. It's still going to burn them, though.

    1. Anonymous Coward
      Anonymous Coward

      It's still going to burn them, though.

      Ooooh yes. I suspect there will be exposure. Just not quite the kind they were hoping for.

      I think there are better ways to search for vulnerabilities than painting a big red target on your back, but that's just me.

  4. Anonymous Coward
    Anonymous Coward

    I prefer bugcrowd personally - which gives both cred + cash / swag: https://www.bugcrowd.com

  5. David Austin

    Bug Bounties

    I thought the entire point of Bug Bounties was to make being a Whitehat more profitable than being a blackhat, thereby nudging the grayhats into doing the right thing(tm)

  6. Captain DaFt

    Decisions, decisions

    New Relic:

    Show us our vulnerabilities and get exposure and street cred!

    Terms and conditions apply. Violating our terms and conditions may result in prosecution.

    Shady onion site:

    Show us New Relics vulnerabilities and get CASH! Anonymity Guaranteed! Jail? No way, we're really the NSA!

  7. redpawn Silver badge

    Charge the White Hats

    White hats should be charged for finding bugs. Perhaps $50 for minor bugs and $1000 for major bugs. This would help defray the costs of correcting code and pay for the printing of frameable certificates of appreciation. Frames are extra.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019