8 comments

[ 2.4 ms ] story [ 33.1 ms ] thread
I've sometimes wondered if code I've worked on will ever make it onto HN.

This was not the preferred way ;)

Though in my defense, this code was written before I got there... But I'm pretty sure I've been through this exact code afterwards and never found the vulnerability.

Nice to meet you! There's always one that slips through the net ;-)
I reported a different vulnerability to Amazon a few days ago. I've gotten a case number, but haven't heard anything beyond that. It's nice to see their timeline and know that they are responding and fixing stuff.
I wonder why Amazon doesn't offer a bounty, even one that is a token amount.
People often whine more about a "token amount" more than they do a "thank you" in my experience.
(comment deleted)
I would be curious if the author would have investigated further if he knew for certain no monetary benefit would have been given by Amazon.
Of course! I did know for certain there was no monetary benefit. A t-shirt would have been nice, but I investigated for the fun of it.