Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I don't believe any serious company does this. There are lots more companies running bounties than I could ever talk to, but I can't even fathom how the cost/benefit of this is supposed to work. It's a negligible amount of money, and a non-negligible reputation risk. I find it a lot more likely that the people who feel this happened to them either reported out-of-scope bugs, or collided with someone else.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: