A team of seasoned bug hunter move that highlights the perceived inadequacy of bug bounty programs, s has announced their decision to sell exclusive, exploitable vulnerabilities directly to interested parties.. Renowned for their expertise and credited by industry giants like Apple and Microsoft, this team asserts that traditional bug bounty systems fall short in adequately compensating their efforts. Allegedly, their inventory features critical exploits like client-sided path traversal and remote code execution, impacting major companies and platform.
Critical Vulnerabilities:
- Apple – client-sided path traversal in subdomain – $5k
- Apple – RCE in subdomain – $15k
- Mozilla – RCE in subdomain – $15k
- exchange (proprietary token with $3kk+ market value) – RCE (directly linked to smart contract) – $50k
However, the most significant offering comes in the form of an RCE vulnerability directly linked to a proprietary token within a cryptocurrency exchange, commanding a price tag of $50,000 due to its connection with a smart contract valued at over $3 million.
This unconventional approach raises questions about the efficacy and fairness of existing bug bounty frameworks, prompting discussions within the cybersecurity community about alternative avenues for rewarding security researchers.