1-hope folks don’t resort to that
2-@C-suite, look what y’all wrought saving a penny, pls fix
(btw #1 is my polite way of saying “don’t do it!” - plead as I might, if the thinking gains traction people will sell more 0days anyway, so might as well fix bounty programs now before it’s in the news)
I'm not advocating for any behavior in particular. It could be anything from telling the company, to saying nothing, to doing something evil with it. It's each individual's choice. I just wanted to reiterate it so the folks in the back of the room hear that it is a matter of routine for companies to deny paying out legitimate bug bounties at this point and that should be known to the bug finders when deciding what to do. Whether or not or how it affects or influences their decision is up to them.