1. 27
  1.  

  2. 8

    Response: https://lobste.rs/s/nz91ga/bug_bounty_ethics

    Sounds pretty sketchy.

    1. 3

      To be fair, according to the timeline it looks like he did take over a month to report the last vuln after he found it (AWS keypair).