Hello Admin,
I have observed that every time website owners create bug bounty programs, not long after that, the vulnerabilities that I discovered related to their websites are fixed.
If website owners can view the vulnerability details without reaching the researcher first like that, then what is the meaning of the sentence in every OBB alert: "Please contact the security researcher directly for technical details of the vulnerability"?
view the vulnerability details
Re: view the vulnerability details
metamorfosec_id wrote: ↑Sun Jan 12, 2020 5:07 pm
> Hello Admin,
> I have observed that every time website owners create bug bounty programs, not long after that, the vulnerabilities that I discovered related to their websites are fixed.
> If website owners can view the vulnerability details without reaching the researcher first like that, then what is the meaning of the sentence in every OBB alert: "Please contact the security researcher directly for technical details of the vulnerability"?

You can uncheck Automatic Disclosure if you don't want to share details with the owner.
Re: view the vulnerability details
Oh, I just know the function of "Automatic Disclosure"
Could "Automatic Disclosure" be unchecked by default?
This is based on the fact that many website owners do not appreciate our findings.
They just create bug bounty programs, view the details, fix them, and never contact us.
If we submit the vulnerability and we have experience that the website owner appreciated us in the past, then we can check the "Automatic Disclosure" by ourselves.
Re: view the vulnerability details
metamorfosec_id wrote: ↑Mon Jan 13, 2020 8:20 am
> Oh, I just know the function of "Automatic Disclosure"
> Could "Automatic Disclosure" be unchecked by default?
> This is based on the fact that many website owners do not appreciate our findings.
> They just create bug bounty programs, view the details, fix them, and never contact us.
> If we submit the vulnerability and we have experience that the website owner appreciated us in the past, then we can check the "Automatic Disclosure" by ourselves.

On the other side, we have a large number of messages from website owners where they write to us that they did not get a response from the researcher. This is why we added this feature.
Re: view the vulnerability details
Very dilemmatic.
Just like CAPTCHA, maybe "Automatic Disclosure" can be set to Unchecked by default only for reputable researchers.
I am sure they always respond to website owners.
Re: view the vulnerability details
What about account-specific settings for reputable researchers? I'd love to go over all the clicks to be made before a report is created.
Re: view the vulnerability details
Have "REPUTABLE" Badge (10+ Recommends).
Hope I do not forget to make "Automatic Disclosure" unchecked before submitting reports.