Skip to content

4 Comments

bug bounty program bug, steps to reproduce:
1. get a friend developer at Apple or Google or other big company give you a list of bugs to be fixed in the next release.
2. report a bug.
3. receive payouts
4. share profit with the friend

There are three problems with this plan: [1] it’s fraudulent, so the side-effects for you and your friend if you get caught are likely to be quite serious, [2] you might struggle to explain the bug and how you found it, which would raise suspicions about how you came by it (and see [1]), and [3] all bug bounties I have seen pay out only for previously undiscovered bugs (and see [2]).
So you wouldn’t be eligible for any money anyway, and you would raise suspicions about the source of your “research” and your credibility as a researcher.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?