Zendesk: Email user verification bug bounty report retrospective

11 points, posted 18 hours ago
by mmsc

3 Comments

motrm

18 hours ago

I submitted a comment to this article, but it's unclear if it's going to be moderated or indeed published. Here's what I said:

  I think it's a bit discourteous to shoo Daniel away due to an out of scope
  report, then cry wolf when your clients do actually feel that this warrants
  a response. The fact that you made changes to your systems in response
  indicates that this wasn't as benign as it first seemed.

  IMO Zendesk should do the right thing and issue a reward. An issue was
  reported and ultimately resolved in some fashion. Continue to encourage
  researchers to bother reporting things to you. Yes, you have a little egg
  on your face due to the end-run via your clients, but that's life, Zendesk
  will survive.

mikeortman

17 hours ago

Comments are disabled or moderated. I tried as well.