back to article Hacker, Bromium donate $30,000 in bug bounty cash to charity

Google hacker Tavis Ormandy and security firm Bromium have handed Amnesty International US$30,000 (£20,443, AU$40,242) in bug bounty cash awarded after the former broke the latter's security controls. Ormandy donated his US$15,000 (£$10,214, A$20,104) winnings under Bromium's hacking challenge, in which researchers were …

  1. Chewi
    Thumb Up

    I've said this several times but never posted it. Tavis, you are awesome.

  2. Mephistro Silver badge
    Thumb Up

    Thumbs up for Bromium as well!

    Other vendors should take notice. This is the way to treat researchers discovering bugs in your products. Definitely, suing them is not the way to go.

  3. El Limerino
    Megaphone

    A good PR save by messers Crosby et al. Bromium had no bug bounty (which is common practice at start-ups, especially those in security) prior to this marketing BS exercise of daring anyone to break their product. Then someone promptly broke it. Twice. As they admit, they didn't expect that. Ooops. Red faces all round. Better start a bug bounty program and pay up, then launch marketing BS in the form of Crosby saying how someone quickly deflating Bromium's hubris by doing what they expected nobody to do was a great and noble thing. Well it was, just not in the way Mr Crosby spins it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019