
User offered to disclose a bug to me in exchange for annual subscription

A weird thing happened this morning I've never experienced. User offered to disclose a "serious" bug they had found if I provided them with an annual subscription to our top plan.

What would you do here?

Our plans are only $7 and $20 respectively so not huge.

I first asked where the bug was (on the website or in the app itself) and what it was related to (security, user experience or other).

He would only say it's on the website.

Our website is run through Shopify (even though it's SaaS, bit of a story here), so I wasn't too concerned with security.

There's also a bunch of UX bugs here that can be improved but it just hasn't been a priority.

So I declined and instead offered him a 50% discount on any of our plans as a sign of good faith for reporting.

He instead asked for an annual subscription to the basic plan ("it's only $240 and doesn't cost you anything" was his initial argument).

I declined and offered the 50% discount again and he left in good faith.

What would you have done here?

  1. 5

    It is a tricky one, I suppose for me the main thing is - if they're the type of person who is holding back this information for a subscription, do you want them as a customer? I don't think I would.

  2. 4

    Had a similar thing happen to me. Although they wanted money instead. The "security threat" turned out to be benign. Biggest waste of money. Don't do it.

  3. 2

    Imagine he became your customer. He will find another thing to hold you hostage. You never want to let anyone blackmail you, ever. Also be careful with these "serious bug" types. It could also be a scam at worst and at best, you dodged a bullet by not caving in to a blackmailer.

    I would just ask them to "Please submit the bug report to our email at [email protected]". Keep it professional and move on.

  4. 2

    Honestly this "customer" is probably not worth the headache. I send bug reports to my favorite services (especially if they are indie hackers) all the time because I want to help them do better and hope I'll get fixes that make my life better. If they don't think that, you probably don't need this person in your life.

  5. 1

    He's a character for sure.
    Normal bugs are usually reported by actual users in hope you would make it better for them, in most cases you get more reported than you would ever be able to fix.
    Security bugs are trickier but suppose it's not the case.
    I think the offer for some discount was a good move, though I would have probably offered way less ^^.

  6. 1

    It sounds like the user wants to use your product but doesn't want to pay the annual fee (ask his thoughts on whether it is a bigger amount that he doesn't want to pay: try to read his mind).
    Security bugs cost more. But in your case, you do not need to worry about that.
    Bug bounty depends on the area. If you are worried/concerned about the bug, then tell him that you will offer a discount after knowing the bug's severity.

  7. 1

    I think you made the right call. Sounds to me like this person was trying to pull a fast one.

  8. 1

    Sounds dishonest. I wouldn't believe him.

  9. 11

    This comment was deleted 3 years ago.

    1. 2

      I couldn't agree more! This guy sounds very sketchy - I'd be happy to not have to worry about receiving future customer support tickets from them.
