
Bug Bounty Programs Are Being Used to Buy Silence - DyslexicAtheist
https://www.schneier.com/blog/archives/2020/04/bug_bounty_prog.html
======
dang
[https://news.ycombinator.com/item?id=22767506](https://news.ycombinator.com/item?id=22767506)
has the original source.

" _Please submit the original source. If a post reports on something found on
another site, submit the latter._ "

[https://news.ycombinator.com/newsguidelines.html](https://news.ycombinator.com/newsguidelines.html)

------
kerng
Seems plausible. My issue with companies that do bug bounties often is that
they appear to use it as a replacement (not an addition) for doing any
internal security or penetrating testing. Which at times is obvious by the low
hanging fruit that is sometimes found.

------
ncmncm
The comment there by "Impossibly Stupid" is at this moment the one most worth
reading, if you read just one.

