Mon, 18 May 2015
In this episode...
Note back from United Bug Bounty Team:
Posted with permission--
Thank you for the question. We want researchers to be able to notify of potential issues they find while still protecting customers who are not participating in the program. If a researcher launched a brute force attack and locked the accounts of 10,000 customers through already existing security measures this would negatively affect our customers and the program.
If any researchers believe they may have found a brute force condition, they can feel free to submit it to us without testing. We will check on our end and if we confirm a bug exists we will gladly reward them for their effort. Does that make sense?
United Bug Bounty Team"