Third party vendors don't buy vulnerabilities on Google's infrastructure and web... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		askesisdev on July 27, 2021 \| parent \| context \| favorite \| on: Google launches new vulnerability reward platform Third party vendors don't buy vulnerabilities on Google's infrastructure and web services. Third parties like Zerodium are interested in 0days on Android, iOS, Windows, Chrome... You could try to sell it to criminal organizations or monetizing the vulnerability yourself, but it doesn't make any sense to be in that situation if you are making six figures as a bug bounty hunter.. even if you didn't have any ethical qualms regarding such acts.

mtnGoat on July 28, 2021 [–]

False: Seven figures trumps six.

Think like a mercenary.

tptacek on July 28, 2021 | [–]

No criminal organization is paying 7 figures for serverside vulnerabilities. They're not even paying 5 figures for them.

mtnGoat on July 28, 2021 | | [–]

5 figures is the minimum for good ones. $10k ain’t much.

Guess you need to meet richer criminals.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact