A Bug in the Bugbounty (prezi.com)
7 points by coloneltcb on Dec 3, 2013 | 6 comments


The program has a limited scope for now, because these subdomains are the high priority areas to make Prezi more secure for our users.

How is their source code repo not a high priority to make Prezi secure?


We removed the source code repo from out-of-scope domains. On the other hand: opening the source should not make prezi insecure ;)

hp, prezi cto


Well, write access to the prezi source could make prezi insecure...


I'm glad they decided to reward Shubman Shah, and I hope for the future this will help set a precedent on better communication and what deserves compensation.


> To improve the program from now on we will reward bug hunters who find bugs outside of the scope provided that they do not violate our users’ information and that their report triggers us to improve our code base. We will also retroactively check to see if other reports found issues that fall into this category.

Do they say that they are going to reward him? I haven't seen that stated anywhere yet.


Yes, we are going to reward the bug, and we will even retroactively check to see if other reports found issues that fall into this category.



