Bug bounty platforms buy researcher silence, violate labor laws, critics say
When Jonathan Leitschuh found a catastrophic security vulnerability in Zoom, the popular videoconferencing platform, the company offered him money to keep quiet in the form of a bug bounty and a non-disclosure agreement (NDA) through Bugcrowd.
The security flaw affected millions of Zoom users on Mac, and Leitschuh wanted to see the issue fixed. He declined the bounty payment because of the NDA, gave Zoom an industry-standard 90-day embargo to ship a patch, and when the company failed to do so, he published his research.
Read more: Bug bounty platforms buy researcher silence, violate labor laws, critics say
Story added 2 April 2020; the full text is available from the content source at the link above.