Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement

To: Rob Sayre <sayrer@xxxxxxxxx>
Subject: Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
From: "Salz, Rich" <rsalz=40akamai.com@xxxxxxxxxxxxxx>
Date: Thu, 6 Aug 2020 19:46:12 +0000
Cc: "ietf@xxxxxxxx" <ietf@xxxxxxxx>
In-reply-to: <CAChr6SzXswgpjUJUWN=xhB2QiBn7FYEUJYos1+5WTjS_3oantg@mail.gmail.com>
References: <B8EC2B88-81B7-47F4-A9DF-34A49077857E@cable.comcast.com> <C20C9BA2-549D-4326-B77E-D8E6A2DE7511@akamai.com> <CAChr6SzXswgpjUJUWN=xhB2QiBn7FYEUJYos1+5WTjS_3oantg@mail.gmail.com>
User-agent: Microsoft-MacOutlook/16.39.20071300

It really depends on how complicated the website is. Lots of web software companies have bounty programs: <https://hackerone.com/bug-bounty-programs>

I stand by my opinion. I also don’t recommend H1 since you mentioned them.

Follow-Ups:
- Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
  - From: Rob Sayre

References:
- Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
  - From: Livingood, Jason
- Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
  - From: Salz, Rich
- Re: Bounty: Consultation on DRAFT Infrastructure and Services Vulnerability Disclosure Statement
  - From: Rob Sayre