It's at the minimum a bit impolite to leave the system more vulnerable in between sending the report and the report being received and acted on.
It didn't become any more vulnerable.
This is security, you have to have procedures for when you get owned; the bug bounty program is orthogonal to that.
If they wiped prod db and put up goatse on my site I would have still paid and said thank you provided I was told how that was done.