> It's also disappointing that EA has yet to start a bug bounty program. Without...

jandrese · 2024-11-05T17:08:19 1730826499

It's not true that they got nothing. There's always the possible threat of legal action against them for reporting the vulnerabilities.

gchamonlive · 2024-11-05T17:46:35 1730828795

I mean, after all, that's what we are all here for right? Fish and legal liability.

acheong08 · 2024-11-05T17:51:22 1730829082

It's disappointing how many companies don't offer a bug bounty. I have a hoard of vulnerabilities I've found over the years just sitting in my head. It doesn't help that there are legal risks with reporting them & they can technically sue you to hell (EU/UK)

gosub100 · 2024-11-05T18:15:14 1730830514

It's probably the result of some very backward-thinking rationale: "If we get hacked by the bad guys, our shareholders will point to these bounties and say 'wait, you're activetly paying people to hack you and now they did and you're going to have to write down and additional $X Million?'. " Execs afraid of having egg on their face, perhaps.

caseyy · 2024-11-05T23:23:18 1730848998

It’s probably more in line with “no one reported any bugs so probably there aren’t any”.

gosub100 · 2024-11-05T23:49:24 1730850564

yeah it could go that direction too: "hey, you paid these people to find bugs, they found one, you paid them a princely sum, and this exploit that cost the company $X Million was based on that bug. Why are you paying people to help hackers destroy your company?!?"

Cthulhu_ · 2024-11-06T09:53:30 1730886810

That's how people go to the shadier side of the internet to sell their information to the highest bidder.

richbell · 2024-11-05T16:49:02 1730825342

> Does that mean the author got nothing for reporting this?

Correct.