
Bug bounties and NDAs are an option, not the standard - zdw
https://mjg59.dreamwidth.org/52432.html
======
lidHanteyk
I wonder about what I should do if I stumble across a bug in a closed-source
or proprietary system. I've had experiences where I've written a script and it
has happened to provoke some funny behavior in somebody else's system. Do I
just publish it somehow? Do I anonymously send it to them? I worry that if I
didn't publish information about the bug, then nobody would ever fix it.

~~~
drivingmenuts
Ultimately, it's up to your morals and ethics. It seems like there are more
and more people who won't do something for the general good, but instead will
only do it if there's some sort of reward specifically for them. I don't think
it's an open-source vs. closed-source problem - I think it's just people being
unwilling or unable to empathize. These people have always existed, but
there's more of them and there are more avenues to expose them.

~~~
krageon
I don't think empathising with a company is expected behaviour for anyone.

------
borumpilot
Yet, but Bug Bounty Programs in the corporate world are on the rise. I predict
a true wave of them coming in the next 1 to 2 years. Even Gartner wrote
positively about it (the report is paywalled).

