Ask HN: Bug Bounty Dilemma – Take the $$ and Sign an NDA or Go Public?

5 hours ago 1

Hi everyone,

I recently found a high-criticality vulnerability in a listed consumer company in the UK. It allows unauthorized access to users’ private messages and even lets you impersonate other users on the platform.

They’ve offered a €1,000 bounty, but only if I sign an NDA that prevents any public write-up—even after the issue is patched.

I feel the bounty is too low for the impact, and asking to sign an NDA that prevents any public disclosure even post-fix feels like a big red flag.

I’m leaning towards declining the offer and doing a public write-up once the issue is fixed—but I’d really welcome opinions from others on what the right thing to do here is.

Thanks!

Read Entire Article
  1. Homepage
  2. Technology
  3. Ask HN: Bug Bounty Dilemma – Take the $$ and Sign an NDA or Go Public?

Related

Traits of next generation reasoning models [video]

Traits of next generation reasoning models [video]

8 minutes ago 0
Is it easy to integrate GitHub with Monday Dev for development teams?

Is it easy to integrate GitHub with Monday Dev for developme...

9 minutes ago 0
Recover 15–50% of web analytics data lost to ad blockers and privacy tools

Recover 15–50% of web analytics data lost to ad blockers and...

10 minutes ago 0
Hostinger Web Hosting