Hacker News

Hi, I just thought I would update everyone on my experience and the last 12 hours.

At the time in which I found the bug and was not awarded for it, I was quite upset, evident from my tone in the email in which I decided that I did not want to receive any of their "swag", but rather give them some constructive criticism.

I wasn't expecting the blog post to get as noticed as it did, but as it has, I was able to observe great points on both sides of the argument of whether or not I should have received the bug bounty. These discussions were definitely required as they brought out some important issues with bug bounties today and how security issues should really be dealt with.

Prezi has now both apologised to me and offered to pay me for my findings. I have updated my blog post to show this, as well as the emails exchanged between us. I'm glad that it ended this way - all within the last 12 hours.

Initially, I did not redact the developers' names, and after the blog post became I had to rush to make sure that I had removed them from all places which were indexed by Google. My intention was not to negatively affect the careers of the Prezi developers affected by my findings.

I thank everyone here, and generally on the internet, for looking closer into my findings.

Thank you, Shubham


