Open inson1 opened 10 months ago
It's not a cost issue, but rather a time issue. Someone has to respond to incoming reports and verify them. That's not a problem for valid true issues and vulnerabilities. But when you bring money into the equation you are unavoidably going to get semi-flooded with not-very-important-issues. And someone has to judge whether or not a specific issue is bounty-worthy or not. There are unavoidably going to be disputes where the reporter claims they should get cash but we really don't think the finding is a real threat in any way.
I think apps with bounty programs are safer. It doesn't cost that much. It would incentivize more developers to try to find security risks and vulnerabilities. Plus it's great advertisement almost for free.
https://www.reddit.com/r/VPN/comments/m736zt/vpn_comparison_table/