Autski t1_j24gkz6 wrote on December 29, 2022 at 4:23 PM

Reply to comment by chrisdh79 in Google Home speakers allowed hackers to snoop on conversations by chrisdh79

Love their incentive program to pay guys who find bugs like that.

asdaaaaaaaa t1_j24nc8i wrote on December 29, 2022 at 5:07 PM

Bug/vulnerability bounties are a pretty good way to getting results, especially for those hard to figure out ones that deal with a specific issue. Otherwise, there's a much bigger incentive to sell the vulnerability to someone else, or use it for nefarious reasons.

imeeme t1_j24w9h0 wrote on December 29, 2022 at 6:04 PM

Smart way to avoid much larger liabilities.

laffer1 t1_j26lhp6 wrote on December 30, 2022 at 12:52 AM

The downside is that people expect it now from everyone. When you run a small open source project and folks try to hold you hostage to pay, it sucks. Plus a lot of folks do scans all the time hoping to find a vulnerability against your servers

ImN0tAsian t1_j279uw3 wrote on December 30, 2022 at 3:51 AM

Well, the bug-rewarding is in response to extortion via ransomware, so it goes both ways, sadly. I'd rather pay a smaller sum to reward white hats than risk losing an operation.

[deleted] t1_j2buzrf wrote on December 31, 2022 at 2:28 AM

[removed]