On Thu, Aug 6, 2020 at 1:15 PM Jay Daley <jay@xxxxxxxx> wrote:
> On 7/08/2020, at 8:04 AM, Salz, Rich <rsalz=40akamai.com@xxxxxxxxxxxxxx> wrote:
> >
> > The IETF website is not worth people hacking. If you had a bounty program in my view you’d get things like “I can read your .htaccess file” or the equivalent – nobody cares.
>
> I’ve run a bounty program that got exactly that, all from individuals using automated tools. We paid in the region of $20 - $50 and after about 20 or so they dried up...

This is pretty low. For example, see <https://hackerone.com/twitter?type=team>
The point about reports "drying up" is a good one, though. The value of operating the program can decline if the software is low-churn.
thanks,
Rob