Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
cybernoodles
on April 13, 2014
|
parent
|
context
|
favorite
| on:
Use after free bug in OpenSSL
It appears Heartbleed has riled up the Hound dogs. It's unfortunate the funds aren't available for bug bounties in OpenSSL.
regecks
on April 13, 2014
[–]
There are bug bounties for OpenSSL.
1.
https://hackerone.com/openssl
2.
https://www.google.com/about/appsecurity/patch-rewards/
midas007
on April 13, 2014
|
parent
|
next
[–]
Beware of the chilling effects of collecting Google bounties, they will claim a reward is invalid if you've blogged about the vuln outside of their timetable.
innoying
on April 13, 2014
|
root
|
parent
|
next
[–]
Isn't that common sense? If you disclose the bug publicly before it's patched you won't get the reward...
midas007
on April 13, 2014
|
root
|
parent
|
next
[–]
Sort of. But Google has a history of how it treats independent researchers.
leoc
on April 13, 2014
|
parent
|
prev
[–]
The prize money could stand to be a whole lot larger however.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
