I worked in managing bug bounty programs at a previous job. If there is one thing I have learned it's that blog posts like this are heavily skewed towards making the problem seem much larger than it is. It's what gets the clicks, so it's not a surprise. It makes dealing with penetration testers and bug bounty participants really stressful and frankly, annoying.
Our policy was that we would be happy if someone were to discuss bounties we paid out for, but we wanted the discussion to be fair and accurate. It did not ever really feel like it was mutually beneficial relationship. I don't miss that work at all really lol.
Our policy was that we would be happy if someone were to discuss bounties we paid out for, but we wanted the discussion to be fair and accurate. It did not ever really feel like it was mutually beneficial relationship. I don't miss that work at all really lol.