Hacker News new | comments | ask | show | jobs | submit login

> An amount of CHF 150'000.- is available for compensations.

Seems to me like this is the wrong approach. Essentially, they’re saying they they have no idea how much they can pay per bug.

A sensible approach would be to insure bug bounties, at least up to the amount that a black hat could profit from compromising the system.






Good luck getting a legislature to sign off on an unlimited bug bounty budget though...

An insurance policy would suffice.

Good luck insuring this. I'm pretty sure the insurance premium will be the same as the actual cost.

They have a table below that with amounts listed for different types of bugs.

I'm guessing the 150'000 means they'll stop paying for new bugs once they've reached that amount.


What it means is that they only have a budget of 150k CHF for all of the compensations they have to pay out. So if there are 4 bugs that would amount to 50k per bug, then only first 3 would get compensated and the rest would not.

Source: [1] -> Q&A regarding the public intrusion test -> Is the federal government allowed to pay for hacker attacks?

[1]: https://www.bk.admin.ch/bk/en/home/politische-rechte/e-votin...




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: