Malicious Reporters
Explore how to respond to malicious reporters within bug bounty programs. Understand situations where researchers may demand payments before revealing vulnerabilities and learn strategies to protect your organization while maintaining ethical collaboration.
We'll cover the following...
Ignore malicious reporters… usually
From time to time you might bump into a security researcher who doesn’t play by the traditional rules. They might demand a payout before revealing what the vulnerability is. My suggestion, in these cases, would be to ignore the reporter or simply reiterate the program’s rules. It might not always be possible to play hardball, though, as your organization’s existence might be under threat. Please make a very reasoned choice and ...