Also no details about what severity the vulnerability was assessed as. For all w... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

ryanjshaw on May 27, 2023 | parent | context | favorite | on: GCP CloudSQL Vulnerability Leads to Internal Conta...

Also no details about what severity the vulnerability was assessed as. For all we know they got a $10 Play Store voucher because the security boundary is the VM, and SQL customers are already paying for the VM and the rest is convenience so they are considered to be hacking themselves here. Reading this was a waste of time.

havetocharge on May 27, 2023 [–]

There's a big fat NDA attached to the reward.

abwizz on May 27, 2023 | [–]

maybe security researchers would be well advised to establish a kind of name and shame culture for this NDA with benefits thing that mainly serves to protect corporate interests.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact