Mh, we have a similar thing on our website at work, but people who found serious issues still got compensated.
One big reason to put this out there: Otherwise you get so many drive-by disclosures. Throw ZAP at the domain, copy all of the low and informational topics into a mail at security@domain and ask for a hundred bucks. Just sifting through that nonsense eventually takes up significant time. If you can just answer that with a link to this statement, it becomes easier.
It makes me a bit sad that this might scare off some motivated, well-natured newbs poking at our API, but the spam drowned them out.