Researcher Blows $15K By Reporting Bug To Google 69
CWmike writes "A security researcher lost a sure $15,000 at this week's Pwn2Own hacking contest because he had earlier reported the bug to Google, which has patched the vulnerability in its Android Market. 'I missed out money wise,' said Jon Oberheide, co-founder and CTO of Duo Security, a developer of two-factor authentication software. 'But it was good that Google is rewarding researchers. And now I have my first Android vulnerability that qualified for a bounty.' Google cut a check to Oberheide for $1,337."
Good publicity (Score:4, Informative)
Re:Good publicity (Score:4, Informative)
No, Pwn2Own is white-hat - successful exploits are never published and full details are given to the developer. He only reported it beforehand because he mistakenly believed it wouldn't be a permitted exploit for the competition.
If you read his comments on the matter he's more upset about not being able to embarrass Google with such a simple exploit than he is about the money.