The Bugcrowd portion of this story is not something I expected to see. The screenshot of the mail is apparently sent from the "Platform Behavior Standards Team," which means that either Bugcrowd are taking a rather expansive view of their platform standards [1] by attempting to police behaviour outside the platform, or Mastercard are impersonating official Bugcrowd staff.

Neither option is particularly palatable.

[1] https://www.bugcrowd.com/resources/hacker-resources/platform...

Someone else here, although I don't remember who, regularly argues that Bug Bounty platforms exist to capture and prevent responsible disclosure, not encourage it.

If they're regular enough to see your comment, they may be able to expand the idea and explain it better.

The wording is also downright terrible. It's phrased as if you've been judged to have done wrongdoing, and your options are to either comply or ask for further clarification why you're in the wrong. No chance given to explain how you're not the one at fault.

From my experience, Bugcrowd attempts everything to tarpit and delay reports from reaching the actual company. From the company's perspective this reduces cost (fewer bounties paid out and fewer reports to screen by their own staff) while at the same time having plausible deniability for legal reasons.

I'm sure there are Bugcrowd employees here; perhaps they can explain that email.