List of non-honorable mentions

Posted: Thu Dec 21, 2017 11:44 pm
by andrevcalvinho
I'm thinking of creating a list of company websites for which I do not recommend the intervention of security researchers. The criteria to be included in this list are the following:

Lack of thanks for the work and time spent;
Lack of information when the vulnerability is fixed;
Lack of response to questions;
False promises of rewards just to get the information they wanted (personally I don't force anyone to give a reward, but don't like people who make fake promises just to obtain what they wish for);
Lack of a proper treatment when dealing with security researchers

The idea is to put a pastebin link with the list in my profile.

Since this is a community, I would like to know your opinion about this, if you agree or not.

I also would like to know from the administrator if there is any rule against this action.

Cheers

Re: List of non-honorable mentions

Posted: Fri Dec 22, 2017 6:52 am
by secuninja
uhm... hard to say... generally I don't like the idea of making a "blame-list" or so.
what would be the reaction? they will never ever even think about working with us when we're blaming them.

Re: List of non-honorable mentions

Posted: Wed Dec 27, 2017 5:45 am
by mcurietribute
We're better than that. You're better than that.

I understand the feeling you're getting though. I'm with you. But at the same time, it doesn't mean we should use our knowledge and capabilities for monetary gain or the expectation of such. It makes us no better than those that do.

We do this, as a community, to protect the end user.
We do this on our free time for the expectation of not receiving anything.
We do this to make the Internet a safer place.

At least that's what I've gotten from the time I've been involved in the Open Bug Bounty community.

I believe we should strive to keep it that way.

Re: List of non-honorable mentions

Posted: Wed Dec 27, 2017 9:10 am
by secuninja
mcurietribute wrote:
Wed Dec 27, 2017 5:45 am
We do this, as a community, to protect the end user.
We do this on our free time for the expectation of not receiving anything.
We do this to make the Internet a safer place.
+1