daniel:// stenberg://Feb 4
Early anecdotal data: turning off the bug-bounty may not make much difference... 😱
Show threadbuheratorFeb 4
@bagder People probably pay less attention than you think (this is a general rule of thumb of mine), they may still assume there is monetary reward even without H1. IMO you should give it some time.
Show threaddaniel:// stenberg://Feb 4
@buherator yes, we need to give this time to settle in so this is for sure not a certain observation just yet
Show threadGina HäußgeFeb 4
@buherator @bagder I never even had a bug bounty for OctoPrint and yet I get slop (or crap) reports and beg bounty mails. But I used to be forced into huntr.dev, which at it's start handed out money for accepted issues in open source projects, and I slid into the CTO's DMs to get out of there as that definitely increased the amount of crap. So from my experience, not having a bounty program doesn't offer full protection against slop DDOS attacks, but it certainly helps long term.
Show threadOxyte 🥴🥴🥴🥴🥴Feb 4
@foosel @buherator @bagder I don't know whether "beg bounty" is a typo, but it's funny
Show threadspinnyspinlock
@oxyte @foosel @buherator @bagder https://www.troyhunt.com/beg-bounties/
Beg Bounties

When someone passed me hundreds of thousands of records on kids taken from CloudPets a few years ago [https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/] , I had a nightmare of a time getting in touch with the company. They'd left a MongoDB instance exposed to the public without a password and someone

Troy Hunt
Feb 4 at 2:16pmWeb