Indeed. I've also gotten a lot of "Hey I found a super critical security bug that makes your system ass, but if you pay me first I'll tell you what it is" types of submissions. Sometimes it's a hybrid, like something semi-legitimate but weak that they disclose up front, closing with a "and I've got another one that's juicy but you have to pay me first to hear it".
Oh and then of course there is the flood of people who just scanned our infra with Nessus and screenshotted part of the report (often with important details blacked out so we can't see them unless we pay).
As someone who has been on both sides of it as well, it just feels like everything is terrible.