    I always thought an NDA was something you sign, for example, when you get a job, basically saying you will not say what your company says to you or what you learned while you were an employee. But here it is a totally different case; it is basically just buying the silence of someone. I believe it is no different from what typically happens in the US judicial system, which more or less just lets criminals buy the silence of victims and continue their business as usual. The point of a bug bounty is to secure your software before the bad guys break it; it was never supposed to be a way to not patch your software in the hope that there is no bad guy out there.