1 bug, $50,000+ in bounties, how Zendesk intentionally left a backdoor in hundreds of Fortune 500 companies - zendesk.md

  • ByteOnBikes@slrpnk.net
    link
    fedilink
    English
    arrow-up
    4
    ·
    17 days ago

    It’s a terrible way to take your company rank on these security forums.

    When a company does that (pretend like they discovered the issue to avoid paying a bounty), they often end up on a shit list where bored hackers pentest them for funsies and then release the vulnerability in the wild.

    Source: Im on the team at my job that pays hackers and their streams frequently broadcast shitty companies that refuse to pay.