I don’t agree with the holier-than-thou gatekeeping that Troy is attempting to justify here.
I do agree that Responsible Disclosure™ is bullshit, “beg bounties” are a symptom. Troy’s approach is a symptom. Saying “look at me, I never ask for money” is so immature and privileged and lacks empathy when he goes through the exact same thing but then blames it on other people. He genuinely believes that his database of hacker goodies and monetization paths is better in some moral sense and says “no, everyone else is wrong” after people on Twitter are like “dude, wtf”.
It would be wrong even if he had zero monetization paths too.
> Saying “look at me, I never ask for money” is so immature and privileged
If I find a vulnerability in your website, I'll disclose it publicly in 90 days, and I want $$$$ to disclose it to you early, that sounds extremely close to me blackmailing you for protection money.
Whereupon you might well decide, instead of paying, that you'll go to the cops and try to get me arrested for blackmail/hacking.
To me, a policy of never asking for money isn't "privilege", it's common sense.
It’s a symptom of a broken industry. You didn’t disprove a thing except telling us all you didn’t know what “symptom” was referring to.
I intentionally didn’t offer solutions, as that’s not necessary to point out that there is a different problem where trying to shame everyone into compliance is a dumb approach.