Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
rootusrootus
on July 30, 2019
|
parent
|
context
|
favorite
| on:
Google reveals fistful of flaws in Apple's iMessag...
Apple has a bug bounty program, yes? Are they paying Google for these?
devrand
on July 30, 2019
|
next
[–]
Project Zero does not accept bounties. They generally ask for the money to be donated.
rootusrootus
on July 30, 2019
|
parent
|
next
[–]
Makes sense. The bug bounty is meaningful money to an individual but it's just a pittance to Google.
saagarjha
on July 30, 2019
|
root
|
parent
|
next
[–]
I'd assume it also helps avoid the perception of a conflict of interest.
saagarjha
on July 30, 2019
|
prev
|
next
[–]
Apple's program has a few very specific classes of bugs that they pay out bounties for: these bugs probably don't qualify.
bobviolier
on July 30, 2019
|
prev
[–]
Probably not. I think that most of those bounties can only be redeemed when you sign an NDA.
jefftk
on July 30, 2019
|
parent
[–]
Who requires an NDA? I don't believe Google does:
https://www.google.com/about/appsecurity/reward-program/
(Disclosure: I work for Google)
bobviolier
on Aug 3, 2019
|
root
|
parent
[–]
I meant the NDA from the party where the bug is reported, Apple in this case.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
