That or the dark vuln market will find a way to vet bugs and pay out faster and easier than the actual project.
I think people who find real bugs have lots of incentives to not sell them to criminals (in and of itself a crime!!)
I mean it depends where you are. In the US my salary is pretty damned high so it's not worth it. Once you start getting in other places, especially those embargod with the US/EU then it's a different story.
Presumably Hackerone isn't paying to people under US embargo!
I think people who find real bugs have lots of incentives to not sell them to criminals (in and of itself a crime!!)
I mean it depends where you are. In the US my salary is pretty damned high so it's not worth it. Once you start getting in other places, especially those embargod with the US/EU then it's a different story.
Presumably Hackerone isn't paying to people under US embargo!