Hacker News new | comments | show | ask | jobs | submit login

> how exactly do you propose that they write a policy that compensates people for violating the security of their users? Not the security of Facebook, but the integrity of their actual users.

In the appropriate language: https://news.ycombinator.com/item?id=6231153

Otherwise, you should make some good faith effort to not assume devious intentions on someone making a good faith effort to report problems.

> They just can't pay him for having demonstrated a vulnerability by hacking someone's account.

Technically, according to the security person at Facebook, it wasn't a bug. When he did the same thing again on Mark Z's account, it suddenly became hacking. Yeah, he didn't follow a procedure that wasn't available to him in his native language, but he made a good faith attempt to report the bug, and did so several times.

> But good intentions aren't always enough.

Several attempts to contact them despite being told the actions he was taken was not a bug despite clearly explaining why it was?

Applications are open for YC Summer 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact