undefined | Better HN

0 pointstptacek5y ago0 comments

That's a pretty normal price for an XSS.

0 comments

Dropbox and co pay $10,000 for the same exploit.

Then you should sell it to Dropbox, because $10,000 is extremely high for an XSS vulnerability.

I do not have the market rates for vulnerabilities, but I do know some pen testing companies charge $10,000 for a few days of work that may not return any concrete bugs.

Compared with hiring a pen testing team, offering high bounties seems like a bargain as you get actual exploits that would impact the company.

1 more reply

j / k navigate · click thread line to collapse