RE: Zero Day Vulnerability
Exploiting it as proof of concept isn't the problem. Did he then ransom it? If so, that isn't really white hat, it is racketeering or something. :)
This is where it gets grey.
Did he or did he not?
He did return the tokens. But he did so under threat. So I don't know how to classify it. So I am asking...
Here people go to jail for something like that or much less...
So I don't really know...
IMHO, you must pay Louis. As taraz said, people should know there is a bounty that would be paid in case they find a vulnerability and report it.
The best course of action in this scenario could be to fix an amount that should be paid to Louis and for future efforts made by anyone in this regard. As Louis returned the amount after being threatened, you can cut a penalty amount out of that total. This penalty amount could be fixed for the future as well.