Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It isn't a choice between "bother to submit or not", it's a case of a white-hat might be encouraged to look into this product rather than another product because of the bounty.

So the end effect is more bugs found by "white hats" rather than "black hats" because the bounty has focused the "white hat" efforts on your program. (Or encouraged them to look at all.)

I'm likely to poke around a site with a bug bounty even with small sums just because it hints at a more formal process and also likely means they have a sensible policy about not going after testers.

Bug bounties are as much about signalling than encouraging "black hats" to suddenly turn to the light side.



Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: