Appropriate reward for identifying security flaw?

1 points by betterangels ↗ HN
Recently I was looking at a nice font and the blog by creator of the font. I was poking around and realise that the blog points towards resources from the font's author website and I noticed a reference in the html to a supposedly full version of the font.

It turned out to be the full version and I reported this to the creator. He then asked what I wanted as a reward and I indicated that it would be nice if I could get a copy of the font.

The author then gave me a license for a very limited version of the font he was selling and indicated that he could not afford to give me the full set.

At this point I am a bit amused and puzzled. I have just saved this author many potential lost sales of the full set of fonts because the link wasn't all that hard to find and yet it is too costly to gift me a full set? Is this kind of mindset prevalent or is my expectations not compatible with reality?

Is there some angle of thinking about this that makes sense? At this point to me it is not so much about the cots or the reward. I am just curious what drives such behaviour.

2 comments

[ 3.1 ms ] story [ 12.1 ms ] thread
It's just stupid to "reward" in such a way.