What would you do if you discovered a heartbleed-scale vulnerability, affecting potentially more than 10% of computer users on the entire planet? Disclose it responsibly or post about it on /g/ and watch the ensuing chaos?
sell to russian hackers
>>59002132
Of course I'd shitpost on /g/. I'd steal bank account info first though.
>>59002132
Devise some way to demonstrate it to one of the big vulnerability resellers (Revuln etc) and ask them to make you an offer.
>>59002166
PS. set up a dead man's switch first.
>>59002132
probably fuck around first, steal some info then never disclose it and use it forever
>>59002132
Sell it to a competitor
For the lulz ofc.
>>59002139
You will get nothing.
>>59002132
I'd submit a pull request to fix it and then I'd change all my passwords
>>59002132
>or post about it on /g/ and watch the ensuing chaos
Now that's just fucking stupid.
There are people/companies/government agencies with deep pockets that would gladly share their wealth if you sell them a 0day
>>59002132
Depends. What, specifically, is the vuln?
Tell the creators about it, be happy that I will have something cool to put on my resume.
I'd very quietly try and fix it. Inform the people who maintain the code it affects, and discuss fixes.
How do you profit most from such knowledge?
>>59002132
I would deface 4chan, release its source code, and then sell it.
>>59002132
>tfw too lazy to try and ever use these vulnerabilities
I'd sell it to the Russians desu.