Removal of *QUICKEST PATCHED*?

Questions or suggestions about the platform
vpq_wtf
Posts:118
Joined:Mon Apr 25, 2016 3:43 am

Post by vpq_wtf » Tue Jul 25, 2017 5:38 pm

Hi,

What is the purpose of this section when submissions aren't checked on a regular basis for integrity?
Can you explain how this section exactly works and what classifies as a patch to the system that checks for this?

I'm sure there are many submissions that are marked as unpatched which are actually patched right now.
For example, I just selected a random submission from a profile: https://www.openbugbounty.org/reports/220549/ which is patched but marked as unpatched.

So in this case, *quickest patched* doesn't make sense at all because this submission was patched a while ago.
If this is something that is done by the researcher manually, perhaps you should consider a feature to check all submissions for a patch.

vpq_wtf

x1admin
Site Admin
Posts:3102
Joined:Sun Nov 15, 2015 7:04 pm

Re: Removal of *QUICKEST PATCHED*?

Post by x1admin » Wed Jul 26, 2017 6:23 am

vpq_wtf wrote:
Tue Jul 25, 2017 5:38 pm
Hi,

What is the purpose of this section when submissions aren't checked on a regular basis for integrity?
Can you explain how this section exactly works and what classifies as a patch to the system that checks for this?

I'm sure there are many submissions that are marked as unpatched which are actually patched right now.
For example, I just selected a random submission from a profile: https://www.openbugbounty.org/reports/220549/ which is patched but marked as unpatched.

So in this case, *quickest patched* doesn't make sense at all because this submission was patched a while ago.
If this is something that is done by the researcher manually, perhaps you should consider a feature to check all submissions for a patch.

vpq_wtf

You can use this thread viewtopic.php?f=10&t=179 if you have reports that are not marked as patched.

vpq_wtf
Posts:118
Joined:Mon Apr 25, 2016 3:43 am

Re: Removal of *QUICKEST PATCHED*?

Post by vpq_wtf » Wed Jul 26, 2017 12:51 pm

Yes, but this defeats the purpose of this section because there is no way you're going to mark it as patched within 4 minutes or an hour.

x1admin
Site Admin
Posts:3102
Joined:Sun Nov 15, 2015 7:04 pm

Re: Removal of *QUICKEST PATCHED*?

Post by x1admin » Thu Jul 27, 2017 6:52 am

vpq_wtf wrote:
Wed Jul 26, 2017 12:51 pm
Yes, but this defeats the purpose of this section because there is no way you're going to mark it as patched within 4 minutes or an hour.

If a report is approved automatically, the patch is checked automatically too; no problems for a patch in 4 or 1 min.

x1admin
Site Admin
Posts:3102
Joined:Sun Nov 15, 2015 7:04 pm

Re: Removal of *QUICKEST PATCHED*?

Post by x1admin » Thu Jul 27, 2017 6:33 pm

Currently a mass patch verification is in progress - all patched (but marked as unpatched) vulnerabilities will be added to researcher statistics.

In the future, such mass checks will be regular and automated, moreover with new submission and disclosure policy - very few submissions will go live unpatched.

insecurity
Posts:6
Joined:Wed Jun 14, 2017 2:01 pm

Re: Removal of *QUICKEST PATCHED*?

Post by insecurity » Fri Jul 28, 2017 11:17 am

Your "quickest patch" feature is broken anyway. Take this submission for example: https://www.openbugbounty.org/reports/68865/

Vulnerability existence verified and confirmed
29 June, 2015 at 19:45 GMT

Patched:
Yes, at 29.06.2015
Latest check for patch:
29.06.2015 20:10 GMT

According to your own statistics, this was patched 25 minutes after being reported... yet it is not listed on 'quickest patched' section. Clearly something is broken here. I know this was patched within ~20mins because I recall it being one of the quickest patches I've ever seen deployed in my history of reporting bugs.

x1admin
Site Admin
Posts:3102
Joined:Sun Nov 15, 2015 7:04 pm

Re: Removal of *QUICKEST PATCHED*?

Post by x1admin » Fri Jul 28, 2017 1:24 pm

insecurity wrote:
Fri Jul 28, 2017 11:17 am
Your "quickest patch" feature is broken anyway. Take this submission for example: https://www.openbugbounty.org/reports/68865/

Vulnerability existence verified and confirmed
29 June, 2015 at 19:45 GMT

Patched:
Yes, at 29.06.2015
Latest check for patch:
29.06.2015 20:10 GMT

According to your own statistics, this was patched 25 minutes after being reported... yet it is not listed on 'quickest patched' section. Clearly something is broken here. I know this was patched within ~20mins because I recall it being one of the quickest patches I've ever seen deployed in my history of reporting bugs.

We show quickest patches for the last year.

insecurity
Posts:6
Joined:Wed Jun 14, 2017 2:01 pm

Re: Removal of *QUICKEST PATCHED*?

Post by insecurity » Fri Jul 28, 2017 1:57 pm

x1admin wrote:
Fri Jul 28, 2017 1:24 pm
We show quickest patches for the last year.

Ah, I guess most people will look at that and assume it's a list of all-time quickest patched reports made to the site. Thanks for clearing it up.

insecurity
Posts:6
Joined:Wed Jun 14, 2017 2:01 pm

Re: Removal of *QUICKEST PATCHED*?

Post by insecurity » Fri Jul 28, 2017 5:03 pm

x1admin wrote:
Thu Jul 27, 2017 6:33 pm
Currently a mass patch verification is in progress - all patched (but marked as unpatched) vulnerabilities will be added to researcher statistics.

In the future, such mass checks will be regular and automated, moreover with new submission and disclosure policy - very few submissions will go live unpatched.

How does this mass patch verification work? I see many patched vulns on my profile still marked as unpatched, with 'latest check for patch' showing dates from months ago?

x1admin
Site Admin
Posts:3102
Joined:Sun Nov 15, 2015 7:04 pm

Re: Removal of *QUICKEST PATCHED*?

Post by x1admin » Fri Jul 28, 2017 5:52 pm

insecurity wrote:
Fri Jul 28, 2017 5:03 pm
x1admin wrote:
Thu Jul 27, 2017 6:33 pm
Currently a mass patch verification is in progress - all patched (but marked as unpatched) vulnerabilities will be added to researcher statistics.

In the future, such mass checks will be regular and automated, moreover with new submission and disclosure policy - very few submissions will go live unpatched.
How does this mass patch verification work? I see many patched vulns on my profile still marked as unpatched, with 'latest check for patch' showing dates from months ago?

We check all reports for a patch; it takes a long time.
