RE: Zero Day Vulnerability
Trouble is, he did find the vulnerability and did exploit it to prove that it can be done.
Knowing that, what would be a fair value that he can ask, and we can pay? Provided we want to pay.
Exploiting it as proof of concept isn't the problem. Did he then ransom it? If so, that isn't really white hat, it is racketeering or something. :)
This is where it gets grey.
Did he or did he not?
He did return the tokens. But he did so under threat. So I don't know how to classify it. So I am asking...
Here people go to jail for something like that or much less...
So I don't really know...
IMHO, you must pay Louis. As taraz said, people should know there is a bounty that would be paid in case they find a vulnerability and report it.
The best course of action in this scenario could be to fix an amount that should be paid to Louis and for future efforts made by anyone in this regard. As Louis returned the amount after being threatened, you can cut a penalty amount out of that total. This penalty amount could be fixed for the future as well.