undefined | Better HN

0 pointsskizm9y ago0 comments

I think the point is 1) it encourages more people to go the black hat way and 2) $1000 just isn't worth all the time people spend not finding bugs before finding one. So no one is encouraged to look in the first place except maybe the few who find it fun to do in their free time.

Side-note: isn't there a grey market that buys exploits (for sums of ~$100k depending on the exploit) and sells them to government agencies or larger corporations? I think I remember one company charged $500k / year to companies and government agencies who wanted access to their "exploit database". Seems like this is the best route to go with these kinds of exploits since it is completely legal.

0 comments

edanm9y ago

"I think the point is 1) it encourages more people to go the black hat way".

How many times have people had to pay you not to commit felonies that are a) immoral, and b) could land you in jail?

I think most people don't need monetary encouragement not to turn black hat.

j / k navigate · click thread line to collapse

0 pointsskizm9y ago0 comments

0 comments

edanm9y ago

"I think the point is 1) it encourages more people to go the black hat way".

How many times have people had to pay you not to commit felonies that are a) immoral, and b) could land you in jail?

I think most people don't need monetary encouragement not to turn black hat.

j / k navigate · click thread line to collapse