I found a bug in an app from a TV channel where you can stream live football. Normally you need a subscription to watch, but I found a way to watch without paying for it.
So my question is how much I can ask the company to give me as a reward for finding such a bug. If you want to watch 1 game without a subscription it will cost about 12 euro, a month's subscription costs about 16 euro, and a season costs 150 euro.
Please tell me what you think, I want to know how much I can get from them.
I think they will have hired some developers, and the moment you give them a hint about the actual problem they are going to find the bug and fix it.
If they hired some freelancer for it, then you have good chances.
If it is ESPN/Start Sports, ask for anything above 1000 euro
Dude… it sounds like you are threatening their business (by releasing information) unless they pay you (a bug bounty). This is called EXTORTION and it is ILLEGAL in almost every country.
Not do what you did. The proper way is to write a business letter to their support group and ask to be forwarded to their engineering group. Ask for a reply if they forwarded it or not.
I doubt from the way you posted this out that you did this correctly or did it in a businesslike manner.
Companies get emails all day long like you probably sent. A video of it doing the bug with it blurred out for how it happens would have gone a long way.
Try to find out if they have a Product Manager for the app. If so, get hold of that person. They will know everyone involved and can tell you IF there is a bug bounty program and if not, what the likelihood is that one could be created.
I really don’t know how you imagine this playing out… They send you some money via PayPal or something?
If I was them, I would assume it would go like this:
You provide proof
We confirm it.
We try to replicate it, so we don’t need to pay you.
We claim we don’t have any business process in place that would allow us to pay you.
Ask if you will just give us the information anyway
Try to buy you off with some SWAG or gift cards for airtime that our marketing department has lying about
Give up and call a meeting to decide how serious the business value and potential losses are.
Have some senior executive sign off on actually paying you
Form a contract with a bonded escrow agent that will hold the money until we can confirm the bug
Form a contract with you (for tax deduction purposes)
Negotiate value of the bug. Less costs.
Seriously… it is a MAJOR PITA to go through all this (from both sides). Just send them the damn info and be done with it. Or forget about it. Or get a lawyer involved. You should probably do that regardless given that you have attempted to extort money from them (it seems?).
If it's a decent-sized group that could all be done in a couple of days to a couple of weeks.
The engineering group I work for (day job) has to come up with answers in 24 to 48 hours to compliance issues that could shut down every system we have around the world. We are pretty big so we have a whole team of lawyers that could deal with things such as the above in hours. It is their job to do things like this that I would call a pain in the ass. Smaller groups take longer obviously.
Uhm yes it is, we make video gambling games that are used in casinos worldwide as one of our many products. We are one of the oldest, largest and most profitable gaming device manufacturers. Without saying who I work for, I guarantee you have seen our products in movies, pictures or in real life at a casino.
I say engineering group as we do both the hardware and software engineering. We have a single building dedicated to just OS and Game software engineering. I am sitting in the game development (software) area as I type this.
I have an MSc in Mech Eng, and after working for a large… err… let’s call it ‘organization that makes ocean going platforms with pointy ends’, moved to software. Ended up in a software company with around 300 people making software for engineers. Then got acquired by a 6000 people software company.
My experience is that the larger the company gets the more red tape there is to get the job done… so, (once again), consider yourself lucky to work in a lean environment where things get done!
Yea. This is an odd industry tho, very small for the massive things it does. Some people call it the Silicon Valley of Las Vegas. We are a Fortune 500 company that acts like a mom and pop shop… Kinda funny really.