undefined | Better HN

0 pointsvehementi12y ago0 comments

You seem to be making an awful lot of excuses to not just pay someone who brought to light a critical exploit. Do you work on the security team or are you a lawyer (maybe with a panicking accountant looking over your shoulder) trying to find fine print reasons say, "Aha! We can save money to our bottom line in this instance!" ? Do you know how silly it looks for you to make these excuses?

0 comments

tptacek12y ago

This is pretty silly. Facebook obviously doesn't care about the dollars here; if anything, I'd imagine they want to be paying more bounties.

vehementiOP12y ago

Oh man! If only they could fix the situation!

tptacek12y ago

You're willfully ignoring what the situation actually is.

1 more reply

arjie12y ago

I remember a comment by you saying that most exploits are not that valuable. How valuable would this one have been?

esailija12y ago

It looks like preserving the integrity of their ToS to me. If you believe it is because of $500, you are a total idiot and I will not talk to you.

hrjet12y ago

If you think good hackers report security bugs for $500, I am tempted to call you a total idiot too (though I will not).

Consider what motivates people more deeply.

esailija12y ago

That is a vague reply with no apparent relevance to anything I said except the amount $500 which was not to be taken literally. My point was that facebook isn't doing this to save money and believing so is idiotic.

1 more reply

j / k navigate · click thread line to collapse

0 pointsvehementi12y ago0 comments

0 comments

tptacek12y ago

This is pretty silly. Facebook obviously doesn't care about the dollars here; if anything, I'd imagine they want to be paying more bounties.

vehementiOP12y ago

Oh man! If only they could fix the situation!

tptacek12y ago

You're willfully ignoring what the situation actually is.

1 more reply

arjie12y ago

I remember a comment by you saying that most exploits are not that valuable. How valuable would this one have been?

esailija12y ago

It looks like preserving the integrity of their ToS to me. If you believe it is because of $500, you are a total idiot and I will not talk to you.

hrjet12y ago

If you think good hackers report security bugs for $500, I am tempted to call you a total idiot too (though I will not).

Consider what motivates people more deeply.

esailija12y ago

1 more reply

j / k navigate · click thread line to collapse