Craig HockenberryMay 14, 2024

A not fun fact: I didn't get a security bounty for a macOS release that was done specifically to address an issue I found.

https://mjtsai.com/blog/2024/05/14/no-bounty-for-kernel-vulnerability/

The rational was that I disclosed the issue publicly. Which I did after reporting it in the beta releases, and after they said “we're unable to identify an issue in your report”, AND AFTER THEY RELEASED THE FUCKING VULNERABILITY.

https://mastodon.social/@chockenberry/111580066311950281

I have no energy/desire to argue with Apple, but this ain't a good look for a $3T company.

Michael Tsai - Blog - No Bounty for Kernel Vulnerability

Show threadVermyndaxMay 14, 2024
@chockenberry @atlauren and you’re whining on X? Really? You should take this up privately with Apple.
Show threadAndrew LaurenceMay 14, 2024
@vermyndax my dude, do you know who CHOCK is?
Show threadVermyndaxMay 15, 2024
@atlauren My point is that you shouldn’t have to resort to posting publicly (let alone on X, which is a shitty place to be regardless). Praise in public, correct in private.
Show threadVermyndaxMay 15, 2024
@atlauren I don't know where my eyes replaced @chockenberry 's post with “X”, but it's clear I wasn't tracking properly last night.
Show threadAndrew LaurenceMay 15, 2024
@vermyndax I did wonder if the whiskey was involved. 🤣
Show threadVermyndax
@atlauren It *totally* was. Looking back at this stream I'm like... seriously, who was this guy? Sigh. Sorry all.
May 15, 2024 at 8:38pmWeb