How does it resolve if, say, an API-key-leakage vulnerability is found and reported, and it is fixed before any users are affected?

I've priced that in as a cause for a YES resolution, personally. Like, the data would have been breached, right?

@Quroe Depends. Let's say I find a SQL injection vuln and test it to the extent of getting an SQL syntax error from an API response. That is not itself a data breach but it's a strong indication that a security bug is present that could become a data breach.

@retr0id look, I mean this isn’t an invitation to like intentionally hack us…. now I’m gonna have half of Manifold trying to break the product

@JeromeHPowell In my experience, @retr0id knows how to do stuff that is... well, for lack of a better term, beyond my comprehension.

I have also seen them show restraint on using information that they shouldn't have access to in an (arguably, from my point of view) moral fashion.

White hat hackers are valuable.

@Quroe yes, very much so

@JeromeHPowell Ha! The AI misinterpreted you.

@JeromeHPowell I think treating this market as a sort of bug bounty is a smart idea. Start with some low stakes stuff, and reward people for breaking in if they can.

@JeromeHPowell If the product is going to fail, it's better for it to fail early and fix it rather than much later if/when it's core to everyday life.

@Quroe I agree, I just don’t want everybody on the site to only try to break it

@JeromeHPowell This market has already opened that invitation. 😆

@JeromeHPowell If you opened this market without intending it to spur people here to try to find one, I think you very much do not understand this website.

@IsaacKing very fair point

@retr0id I've got a red team challenge for ya.

@Quroe !!!!!!!!!!!