On Thu, Aug 6, 2020 at 12:46 PM Salz, Rich <rsalz@xxxxxxxxxx> wrote:
- It really depends on how complicated the website is. Lots of web software companies have bounty programs: <https://hackerone.com/bug-bounty-programs>
I stand by my opinion. I also don’t recommend H1 since you mentioned them.
Well, as someone who's triaged reports for a few of the larger websites in the world, I find them productive. They do generate a certain amount of noise, though.
As a reporter (just finding problems in software I'm using--I don't hunt for them), I find they're helpful because they cause companies to fix the bugs, even if they refuse to pay.
thanks,
Rob