I was part of "big corp" for the past three years and was involved in many bug bounty reports. A reasonable claim like "I think this should be higher because XYZ" gets investigated and, if justified, higher bounties issued.
This blog post seems a bit one-sided and doesn't correlate with the facts that I have heard. I wasn't there at the time, so I don't know the truth. But that blog post doesn't seem to be quite 100% of it.
What I have seen, however, in the past years, is that some people omit facts or misrepresent things to get some press. So I am quite a cynic on blog posts like this :-)
> A reasonable claim like "I think this should be higher because XYZ" gets investigated and, if justified, higher bounties issued.
That's highly dependent on the individuals and the company doing the bounty. It's incredibly reasonable that people are suspicious of the process, when it is as opaque as it is, and given the disparity in negotiating power between the company and the person submitting the bug.
My personal experience is the FB bug bounty process has been generally positive, but inconsistent at times in the graded severity of issues and transparency of the decisions being made. I've clearly presented my case, and asked for additional information, but not gotten very far. My only real option in response is in how I allocate my time.
Having reports and payout amounts be permanently hidden results in stories like this being the only insight to the process.
Well, it includes verbatim copies of the whole email chain, and those look pretty bad in themselves without any of the surrounding text.
Unless you're saying they've been tampered with, or that there was additional communication in between that he omitted, it seems pretty clear that this is not a professional way to handle communications.