Page 1 of 1

No progress on reported vulnerabilities

Posted: Mon Jan 10, 2022 10:07 am
by infosec_jma
Hello!

We have recently (2 months ago or so) set up a bug bounty program for our company through you and we have had quite a few researchers reach out to us directly saying that they submitted reports here but haven't heard back, prodding us to process their reports directly. While we understand that this is a free service and that things can take some time, some researchers have been waiting more than 7 weeks, so we were wondering how we should set our and the researchers' expectations? Would really appreciate a reply!

Re: No progress on reported vulnerabilities

Posted: Wed Jan 12, 2022 1:37 pm
by x1admin
infosec_jma wrote:
Mon Jan 10, 2022 10:07 am
Hello!

We have recently (2 months ago or so) set up a bug bounty program for our company through you and we have had quite a few researchers reach out to us directly saying that they submitted reports here but haven't heard back, prodding us to process their reports directly. While we understand that this is a free service and that things can take some time, some researchers have been waiting more than 7 weeks, so we were wondering how we should set our and the researchers' expectations? Would really appreciate a reply!
Hello,
we have only 1 report for awin.com and this report deleted by researcher. We recommend to contact researcher for details.