How do you deal with "vulnerability scan" email spam?

Ilya Spike
2 replies
As a solo founder it could be helpful to learn about a new security flaw in your application that you didn't know about. Only if they were helpful, of course. More often than not I am getting emails about something that is not an issue. It wouldn't even be an issue if my site had tens of XSS bugs and users on IE 5. But I also don't want to discourage the open researchers that do exist somewhere. Do you have a bug bounty program? What are your terms?

Replies

Ilya Spike
I might have heard @alessio_mavica getting some spam during his launch of BaliBam 👀
@ilya_spike Yes, Ilya! I got two emails. I chose "Fix everything you get, promote / reward researchers", even if I didn't pay anything. I don't have a bug bounty at the moment (yet). My suggestion is to reply and explain the situation. If you are pre-revenue, they are generally open to sharing the details anyway for free.