8 upvotes, 1 direct replies (showing 1)
View submission: Announcing Reddit’s Public Bug Bounty Program Launch
Bug bounty programs generally adjudicate based on risk. If an identical thing can be done using normal paths, it’s very unlikely that this bug actually has any risk. If this allows you to bypass rate limits or other controls you may be on to something though!
Comment by pcapdata at 15/04/2021 at 22:04 UTC
1 upvotes, 1 direct replies
> If an identical thing can be done using normal paths, it’s very unlikely that this bug actually has any risk.
Sorry, just wanted to interject that this is not the case. Bug Bounty programs are at least partially a response to regulatory pressure. Regulators don't give a hoot if the user data that was scraped from a site is also available somewhere else--they'll still fine you into a smoking crater.