To whom to sell bugs and vulnerabilities?

F

First name Last name2016-06-04 13:16:35

Information Security

First name Last name, 2016-06-04 13:16:35

Hello,
I have been working on web application security for quite a long time (mostly searching for bugs and vulnerabilities).
I always tried to be a bit of an altruist, and even if the companies refused to send $Thanks, I informed them about the bugs and vulnerabilities found for free.
But time passes, and "greed" grows (When a large payment system pays 1000 USD for vulnerabilities that allow you to view information about other people's transactions or a large payment aggregator pays 100 USD for information about dozens of bugs and vulnerabilities - I think not only I would have a question " And who actually needs it")... I
was interested in the question - to whom and where can you quickly sell bugs and vulnerabilities (Mostly XSS vulnerabilities) of large Russian-language sites without any connections?
PS More or less legal ways and places of sale. Specific "places" please...

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

#

#algooptimize #bottize, 2016-06-04
@IvanDanilov

I understand correctly, your work was not appreciated, you are looking for those who will appreciate the consequences of this - the use of vulnerabilities to the detriment of some people who are not in business at all? Where is the altruism...

D

di23, 2016-06-04
@di23

You run the risk of contacting "the wrong people." Of course, I can interfere in my own business., But maybe you should try not to work in the Russian segment?