Hacker News new | past | comments | ask | show | jobs | submit login

While this is somewhat trivial, what kind of money do companies pay when you submit a security bug? What would Paypal pay?

For the Bug mentioned in this post it was $500.

PayPal pays a lot less than other companies that are serious about their security. A bug like the one in the post could be sold on the black market for thousands and thousands more.

Wow, that's barely worth anyone's time. They must not really care that much.

If they wanted to pay it like they were paying an employee... they'd just do that. They don't want to.

ideally you would think they would pay more than the blackmarket rates for the bugs. it's a capitalist economy in the bug markets.

Applications are open for YC Winter 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact