
"Hopefully not forever."

I completely agree. I also think that this kind of post on full-disclosure should be used as an example of what-not-to-do.

I've always treated vuln reward programs as resume enhancers. If you submit a bug and get it fixed, you get to show two incredibly valuable and rare skills in the infosec community:

1) technical chops

2) interpersonal skill

Disclosers who have the patience to endure some of the bullshit that comes up in these programs are going to be successful in the security industry. The hardest problems in infosec are not technical. They are cultural. Publicly flaming a vuln reward program because they didn't pay you for what you see as an arbitrary reason is exactly the kind of reason execs do not want to do vuln reward programs. Someone had to fight to get that program set up at PayPal. It had to be within the laws of the country that governs the company. This kid just threw a temper tantrum in public and signed his name on the email. Any advocates he had at PayPal are probably re-evaluating their support of him. So short-sighted.


