Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Some might very well do. E.g. a company with a service for training hackers and security researchers.

In this case the question is moot, as this doesn't involve remote code execution.



Make a general point, get a general answer.

If the criteria for bug is "not intended", and that's solely judged by the company, then broken auth et al. suddenly become part of their product design.

If it quacks like a bug, it's a bug.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: