Comment on Bug bounty denied? Hmmm ... OK, let's see ...

<- View Parent
Dave@lemmy.nz ⁨2⁩ ⁨months⁩ ago

I can see both angles of this. Especially since the original disclosure didn’t have the full detail of how it could be exploited to access company systems, and they (the writeup author) never disclosed that update.

You can see how a large company could miss this in the multitude of people trying to claim bug bounties. I fully believe that had they understood the issue they should have fixed it, since it’s within their power and basically a service to their clients. But I can understand how the limited detail in the original disclosure demonstrated a much lower level risk than the end exploit that was never reported.

source
Sort:hotnewtop