
security@ emails do get a lot of spam. It doesn't get talked about very much unless you're monitoring one yourself, but there's a fairly constant stream of people begging for bug bounty money for things like the Secure flag not being set on a cookie.

That said, in my experience this spam is still a few emails a day at the most; I don't think there's any excuse for not immediately patching something like that. I guess maybe someone's on holiday like you said.
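The "Secure flag not set on a cookie" report mentioned above is something a team can check for itself before the reports arrive. The following is an added example, not code from any commenter: it parses `Set-Cookie` header values and lists which hardening attributes (`Secure`, `HttpOnly`, `SameSite`) are absent, so a triager can confirm or dismiss such a report in seconds. The sample headers are constructed and do not come from any real site.

```python
"""Report missing hardening attributes on Set-Cookie headers.

Added example: parses raw Set-Cookie header values (as captured from an
HTTP response) and lists which of Secure / HttpOnly / SameSite are missing.
"""
from typing import Dict, List

# Constructed sample Set-Cookie values (not from any real service).
SAMPLE_HEADERS = [
    "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax",
    "prefs=dark; Path=/",
    "csrf=tok9; Secure; SameSite=Strict",
]

# Attributes a triager expects on a browser-facing cookie, keyed by
# their lowercase form (cookie attribute names are case-insensitive).
EXPECTED_ATTRS = {"secure": "Secure", "httponly": "HttpOnly", "samesite": "SameSite"}


def parse_set_cookie(header: str) -> Dict[str, str]:
    """Split one Set-Cookie value into its name/value pair and attributes.

    Attribute names are lowercased; flag attributes without a value
    (HttpOnly, Secure) map to an empty string.
    """
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        raise ValueError("empty Set-Cookie header")
    name, _, value = parts[0].partition("=")
    attrs: Dict[str, str] = {"__name__": name.strip(), "__value__": value.strip()}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return attrs


def missing_flags(header: str) -> List[str]:
    """Return the expected attributes that this cookie does not set."""
    attrs = parse_set_cookie(header)
    return [label for key, label in EXPECTED_ATTRS.items() if key not in attrs]


def triage_report(headers: List[str]) -> Dict[str, List[str]]:
    """Map each cookie name to its missing attributes (empty list = fine)."""
    report: Dict[str, List[str]] = {}
    for header in headers:
        name = parse_set_cookie(header)["__name__"]
        report[name] = missing_flags(header)
    return report


if __name__ == "__main__":
    for cookie, missing in triage_report(SAMPLE_HEADERS).items():
        status = "ok" if not missing else "missing " + ", ".join(missing)
        print(f"{cookie}: {status}")
```

Running it against a real response means feeding in the `Set-Cookie` values from your own server's headers; a cookie that only carries session state on a static site may legitimately not exist at all, which is the quickest way to close the report.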



This.

There is so much spam from random people about meaningless issues in our docs. AI has made the problem worse. Determining the meaningful from the meaningless is a full time job.


This is where “managed” bug bounty programs like BugCrowd or HackerOne deliver value: only telling you when there is something real. It can be a full time job to separate the wheat from the chaff. It’s made worse by the incentive of the reporters to make everything sound like a P1 hair-on-fire issue.


Half of the emails I used to get in a previous company were pointless issues, some coming from a honeypot.

The other half was people demanding payment.


Training a tech support team of interns to solve all of them would be an enviable hacker or software dev training program.


Use AI for that :)


Not kidding, I bet LLMs are excellent at triaging these reports. Humans, in a corporate setting, are apparently not.


My favorite one is the "We've identified a security hole in your website"... and I always respond quickly that my website is statically generated, nothing dynamic, and immutable on Cloudflare Pages. For some odd reason, I never hear back from them.



