Permalink Submitted by Zee on Wed, 11/02/2016 - 06:53
While Wickr is wrong by not paying out the decalred bounty, the reasearchers behaviour is also questionable. From the time frame in the article it seems that the reasearch and bugs discovery work (2013-2014) was done prior to Wickr declaration of the bounty program(January 2014). Then, the question is would the researchers have disclosed the bugs to Wickr if it did not offer a reward? For me it seems that the researchers kept the vulnerabilities they discovered to themselves in hope that one day they could get the chance of making money out of them. While it is their right to get paid for the effort they made, the ethical thing would have been to disclose the vulnerabilities once they are discovered whether or not there was a bounty program. Everything has become a business...
hmmm
While Wickr is wrong by not paying out the decalred bounty, the reasearchers behaviour is also questionable. From the time frame in the article it seems that the reasearch and bugs discovery work (2013-2014) was done prior to Wickr declaration of the bounty program(January 2014). Then, the question is would the researchers have disclosed the bugs to Wickr if it did not offer a reward? For me it seems that the researchers kept the vulnerabilities they discovered to themselves in hope that one day they could get the chance of making money out of them. While it is their right to get paid for the effort they made, the ethical thing would have been to disclose the vulnerabilities once they are discovered whether or not there was a bounty program. Everything has become a business...