Anton Lopanitsyn (Bo0oM)
Posted: Mon Jan 20, 2025 5:28 am
VKontakte sometimes doesn't pay for bugs, but this is because there simply aren't enough hands to get to every report. People who demand money after publishing a bug are at best puzzling.
Information Security Specialist at ONSEC
"My opinion. If you want money, report it to the appropriate place (in HackerOne). If you make information publicly available, go to hell. It's just that "hackers" have become very greedy lately, because a new generation is coming. Low entry threshold, little knowledge. Here's a bug, give me money.
But it is necessary to fix the vulnerability in the code (and this is not always easy), test the patch (so that nothing crashes), replace the current code (just imagine how many servers VKontakte has and new source codes need to be placed there).
In general, I am happy with Bug Bounty, because I understand that this is not due to laziness, but most likely due to a lack of resources. Well, I understand the discontent of bug hunters"
Kamil Khismatullin, the author of the solution to the vulnerability for closing private images, is also pleased with the work of Bug Bounty.
Kamil Khismatullin
Independent Information Security Specialist
"The experience of working with the new VK Bug Bounty program is very positive. It's good that you can correspond with the guys in Russian, and the size of the rewards is almost comparable to companies like Google and Yahoo. The delay in responses is a bit sad, but it's understandable: other companies have entire teams and departments that work with hackers and fix bugs, and VK, as far as I know, only has 2-3 people working on this"
Artem Dizychev clarifies that Bug Bounty works on a first-come basis: whoever reports a vulnerability first receives the reward. The amount is determined by the criticality of the vulnerability.