I recently found a vulnerability in a food delivery app where i can add credit to my account. as some of u suggested I decided to report it. Here is their response of me asking (before explaining the bug) if i will be legally prosecuted and if ill be rewarded. this was their response. I feel they were mean. Thoughts ?

Just report the bug and leave them alone, I kinda hate him

Depends what you actually sent, i perceived you were coming across as demanding a reward for your efforts, but I could be wrong.

But seems reasonable, albeit stuck up.

I don't know what you've written them. "Daniel" may have perceived you mail in a different way you meant.

When I get this type of response - especially if I did not expect them - I perceive them as mean at first, but at second glance they are not.

It sounds like he understood your email as a potential for blackmailing.

My advice, just report whatever you find, don't do it for getting in return, you do what you have to do and let it flow.

I wouldn't be happy if there is a similar flow in a product I wrote at work and no one reported it

Yeah ill just report it anyway, and no i made it clear that i do not intend to use nor tell anyone about it. So idk how they might have perceived it as blackmail. But he was probably pissed at the chance several people found out and made the company lose money without him knowing 😂

I did this too upon finding my first security issue, but right after sending the mail I felt bad about it since it kinda sounded like blackmailing, so I just filled the issue. I did not get ANY compensation.

Moral of the story: theres no reason to ask for compensation before filing, unless if you plan on blackmailing(which ofc. you should not). Compensation is a tip; not a payment

All good IMO. Although it's quite bald of you to ask for a reward for something noone asked you to do :) Don't do that. It was your own initiative, your own time.

If I picked up a rock off a road I would not ask anyone for any compensation. Would you? I may have prevented an accident as well you know :)

Take the voucher ffs. Bring a girl to dinner. You know... be fair

Post what you wrote also please.

Tbh I think the problem is asking first, and filling the issue only after confirmation. See if someone tells you "hey, I have your daughter, will you reward me if I bring her back?" Instead of bringing her back in the first place, you are going to be skeptical and anxious to get more information fast

@kgbemployee this was my message

Are you feel bored! Now go on Crazy Food challenges channel on https://youtube.com/channel/... & watch the full video, that has great content about eating challenges. Such enjoyed moments and watched the real fun on this platform.