
A Bug in the Bugbounty - coloneltcb
http://engineering.prezi.com/
======
nodata
_The program has a limited scope for now, because these subdomains are the
high priority areas to make Prezi more secure for our users._

How is their source code repo not a high priority to make Prezi secure?

~~~
halacsy
We removed the source code repo from out-of-scope domains. On the other hand:
opening the source should not make prezi insecure ;)

hp, prezi cto

~~~
nodata
Well, write access to the prezi source could make prezi insecure...

------
agrias
I'm glad they decided to reward Shubman Shah and I hope for the future this
will help set a precedent on better communication and what deserves
compensation.

~~~
moonka
> To improve the program from now on we will reward bug hunters who find bugs
> outside of the scope provided that they do not violate our users’
> information and that their report triggers us to improve our code base. We
> will also retroactively check to see if other reports found issues that fall
> into this category.

Do they say that they are going to reward him? I haven't seen that stated
anywhere yet.

~~~
halacsy
Yes, we are going to reward the bug, and we will even retroactively check to
see if other reports found issues that fall into this category.

