Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Good point.

The problem I know of is a bit different, in that it is a direct and immediate server crash. It's not a denial of service by making the cluster slow. It's run-query, crash-server.

You are right of course that any normal user can issue crazy queries which hog resources, and hammer performance.




I would just reach out to AWS directly: why go through hacker one?

They have a direct email and are responsive. If the issue meets their criteria then you get a payout.


I Googled for AWS bug bounty programs.

I found nothing.

Do you have a URL of any kind, for more information about this, including contacts?


https://aws.amazon.com/security/vulnerability-reporting/

I wouldn’t expect a bounty for something like this, but I believe the above is the correct avenue for reporting it.


aws-security@amazon.com - it’s very clearly the first result when you search “AWS security report”.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: