I’m The Captain Now: Hijacking a global ocean supply chain network
16 points by mtlynch
How much money could someone who finds such critical vulnerabilities expect as a reward from the companies affected by them?
For highly visible FAANG-type companies, the rewards are fairly high. For example, Meta pays $130k for an account takeover bug.
For no-name companies or not tech-oriented companies, the bounty is usually insultingly low (like $50 or a T-shirt), or the company threatens you with criminal prosecution.