Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now?

Kieran Murphy daffy at daffy.za.net
Wed Mar 2 22:35:20 UTC 2022


Better known as Beg Bounties.
https://www.troyhunt.com/beg-bounties/

It's a thing.

On Thu, 3 Mar 2022 at 09:32, Brie <bruns at 2mbit.com> wrote:
>
> I just got this in my e-mail...
>
> ------
> From: xxxxxxx <xxxxxxxxxx6 at iqra.edu.pk>
> Date: Thu, 3 Mar 2022 03:14:03 +0500
> Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx at mail.gmail.com>
> Subject: Found Security Vulnerability
> To: undisclosed-recipients:;
> Bcc: sxxxxxxxxx at ahbl.org
>
> Hi  Team
>
> I am a web app security hunter. I spent some time on your website and found
> some vulnerabilities. I see on your website you take security very
> passionately.
>
>   Tell me will you give me rewards for my finding and responsible
> disclosure? if Yes, So tell me where I send those vulnerability reports?
> share email address.
>
> Thank you
>
> Good day, I truly hope it treats you awesomely on your side of the screen :)
>
> xxxxx Security
> ------
>
>
> Is soliciting for money/rewards when the site makes no indication they
> offer them a common thing now?
>
> If you want to see a copy of the original message, let me know off list
> and I'll send it to you.
>
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org    /     http://www.ahbl.org

