Hacker News new | comments | show | ask | jobs | submit login

> Either you're a white hat and believe selling to malicious hackers is fundamentally wrong and you wouldn't do it at any price, or you're a black hat waiting for the right price.

That sentence is such a false dichotomy it's hard for me to take you seriously.

Is it evil to want to feel appreciated for your work? The message facebook is sending is that they honestly don't care if you find huge, potentially costly security holes in their software and go out of your way to let them no.

edit: It seems from reading other comments $4500 is actually quite reasonable. I was basing my comment on the author saying it was a "paltry fee".




Facebook is doing the right thing here. Very few companies have a responsible disclosure policy, much less a reward system.

You take a huge risk even notifying companies of a security flaw you found, since that usually implies you were doing unauthorized penetration testing and they'd have a case against you under the oh-so-wonderful CFAA. Or they'll just ignore you completely and never patch the flaw.


Huh? They cared enough to send him $4500 as a thank-you. Their obligation in this case was zero.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: