Open Bug Bounty Community Forum

Coordinated & Responsible Disclosure
https://www.openbugbounty.org/forum/

If a company wants a report deleted and the researcher wants to keep it, what happens?

https://www.openbugbounty.org/forum/viewtopic.php?f=5&t=1176

Page 1 of 1

If a company wants a report deleted and the researcher wants to keep it, what happens?

Posted: Fri Mar 06, 2020 12:57 pm
by PauloChoupina
Hi, I'm just curious:

If a researcher reports a xss and the website owner wants the report deleted (for any reason), whats your policy in this cases?

I mean, if a website owner contacts you to delete a report, do you delete it? Even if it is against the researcher will?

Best regards and congrats on the amazing platform you got here,

Re: If a company wants a report deleted and the researcher wants to keep it, what happens?

Posted: Sat Mar 07, 2020 9:10 pm
by secuninja
be nice. it's the owners website... so if they dont want to have this information published that's fine for me.
you can ask admin for deleting details and just keep the meta record.

Re: If a company wants a report deleted and the researcher wants to keep it, what happens?

Posted: Sun Mar 08, 2020 2:04 pm
by metamorfosec_id
I always contact OBB via contact form to make the submissions as Private if website owners do not want to see the reports as Public..

After that, I inform the website owners regarding the old submission URL (it will produce 404 error page) and the new submission URL (it will contain secret URL).

Re: If a company wants a report deleted and the researcher wants to keep it, what happens?

Posted: Wed Mar 11, 2020 4:37 pm
by geeknik
If a company wants me to delete the report, I delete it ASAP, no questions asked.
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Limited
https://www.phpbb.com/