
derram

https://archive.ph/W9rcS :

2019-02-05 | I won't bother hunting and reporting more Sony zero-days, because all I'd get is a lousy t-shirt • The Register

"In addition to the two cases I reported to them, there are still other potential critical vulnerabilities," Figueiredo told The Register.

But it's also fine for organizations and governments not to pay bug bounties, especially if they haven't put a bunch of thought into structuring the incentives."

Those flaws were rated as a critical risk, and earned Figueiredo recognition on the hacktivity page of HackerOne, hired by Sony to handle its bug bounties.

Such was the case with João Figueiredo, a researcher in Brazil who tracked down and reported remote code execution vulnerabilities in two websites run by Sony and Sony Pictures.

It could, however, have been an even bigger disclosure, with potentially more security holes in the entertainment giant's systems reported, had Sony offered Figueiredo better incentives.


This has been an automated message.