Open Bug Bounty Community Forum

Posted: **Thu Jan 16, 2020 5:13 pm**

Hello,

Sometimes it is hard to find a valid contact to report a vulnerability.

So I take one I found, try it and if I don't get any response after several days I try another one and so on.

But due to many vulnerabilities and it is impossible to remember all used contacts.

With U.S. universities I may have luck with some (security@, infosec@, iso@, cybersecurity@, soc@, its@, itsecurity@, cert@ and more) but again it is hard to remember every attempt.

It will be great to see the list of additional contacts that were used for a report (this information will only appear for the researcher that submitted the flaw)

Posted: **Fri Jan 17, 2020 8:30 am**

devl00p wrote: ↑
Thu Jan 16, 2020 5:13 pm
Hello,

Sometimes it is hard to find a valid contact to report a vulnerability.

So I take one I found, try it and if I don't get any response after several days I try another one and so on.

But due to many vulnerabilities and it is impossible to remember all used contacts.

With U.S. universities I may have luck with some (security@, infosec@, iso@, cybersecurity@, soc@, its@, itsecurity@, cert@ and more) but again it is hard to remember every attempt.

It will be great to see the list of additional contacts that were used for a report (this information will only appear for the researcher that submitted the flaw)

added in to-do list

Posted: **Wed Jan 29, 2020 3:29 am**

Expanding on this a bit, would it also be possible to show which contact attempts probably failed (bounce, invalid user, error, etc) and which attempt probably succeeded? Thank you.

Open Bug Bounty Community Forum

Suggestion: seeing used contact for a report

Suggestion: seeing used contact for a report

Re: Suggestion: seeing used contact for a report

Re: Suggestion: seeing used contact for a report