Valve is now offering real cash rewards for disclosure of security flaws via H1
https://hackerone.com/valve?view_policy=true
Security includes everyone. Our Steam users, our developers, third party software developers and the security community. Working together we can all make Steam and the Internet safer.
We are running this HackerOne bounty program to reward researchers for identifying potential vulnerabilities. Please review the following guidelines detailing the rules of this bug bounty program. Only research following these guidelines will be eligible for a bounty.
Rewards:
https://files.facepunch.com/forum/upload/107290/055a5328-22c8-4218-85fe-e2119e72fc4b/image.png
https://files.facepunch.com/forum/upload/107290/23acacd1-246c-4b46-aa95-a69a9c61b1d0/image.png
Reports received through other channels prior to the paid bug bounty program launch are not eligible for monetary rewards.
Nice I guess.
1-3k seems rather low for critical flaws, esp since there are people that will buy the information for way more money
#FacepunchLifeProTips
To be fair, they're offering bounties for Source games. If it was higher than that you could probably bankrupt the company using AFL and fast typing hands.
No, it only affected your client, but it unlocked the client runscript command in gmod too so you could just load whatever aimbot off of a quick google search also
Maybe that dude that found that one exploit involving sprays would finally get it looked at if they haven't fixed it already
I think there's been 5-6 issues with sprays and they've been patched and then reexploited a few times now
This blows.
@Zemnmez would've had like $60000 by now if they were giving the money out earlier (and he deserves like $10 000 alone for how bad some of his exploits were)
Top 10 anime portrayals
Some of the ones that have been disclosed are pretty amusing, like them leaving SQL info in a publicly accessible script
Didn't a facepuncher find a serious source exploit? Now it's your time to shine whoever you are.
Valve can't pay 3k
I'll remove it later - Lazy Valve employee who kept it in
Those server-client remote execution vulnerabilities are worth a lot more than 3000, honestly it makes no financial sense to submit it to this bounty when you'll be able to easily find buyers for over 10x that payout.
Especially considering he said he already disclosed them several times and Valve didn't actually bother patching them.
You mean this one?
[PSA] SteamID spoofing in all steam multiplayer games and worse
Which IIRC over two fucking years ago was posted to Reddit and sent to Valve, only for absolutely nothing to happen?
for comparison this is google's payouts for a similar program:
https://files.facepunch.com/forum/upload/110042/3ce43041-df40-47f2-9df1-a7464d830f4e/Screen Shot 2018-05-10 at 10.22.50 PM.png
if you happened to find a remote code execution exploit for steam you'd suddenly be able to do whatever you wanted to any computer that had steam installed. it'd be an immense deal, and could bankrupt the company if mishandled.
money is nice n all but what about a community quality tf2 weapon valve cmon give us real bounties
https://wiki.teamfortress.com/wiki/Finder%27s_Fee
I mean you can get this shitty hat
Used to be able to get any hat you wanted, tho people bitched pretty hard when someone asked for a wiki-editor hat.
oh wow look at that it's Yet Another Fucking Ellis Cap Reskin
Finally some new sigsegv videos.
The last big TF2 update actually added four Ellis Cap reskins, but only the first is obtainable in game.
https://wiki.teamfortress.com/w/images/thumb/d/df/Backpack_Monstrous_Memento.png/90px-Backpack_Monstrous_Memento.png
https://wiki.teamfortress.com/w/images/thumb/4/42/Backpack_Mercenary_Park.png/90px-Backpack_Mercenary_Park.png
https://wiki.teamfortress.com/w/images/thumb/5/5d/Backpack_Mannanas_Hat.png/90px-Backpack_Mannanas_Hat.png
https://wiki.teamfortress.com/w/images/thumb/5/55/Backpack_Never_Forget_Hat.png/90px-Backpack_Never_Forget_Hat.png
Hey I edited articles too much to let some programmer or hacker touch my sparkles!
That said, you'd think Valve would be able to afford to give better bounties for the amount of money they throw to the wind.
"Can I have HL3 instead?"
"We'll give you triple if you shut up about it."
Good, some shit deserves more