Hello OpenBugBounty Team,
Currently, I, at my discretion, sent additional notification email using Send Notification Feature yesterday (2 October) for one of my submissions because I did not receive any response since date of vulnerability reported. I got a response just a few hours from website owner and as usually, I sent the vulnerability details. Unfortunately, the website owner is angry about why long delay because there is no notification when the issue identified (5 July) and the public disclosure is today (3 october).
So my questions:
1) Does Website Owner Notification Process by the OpenBugBounty Platform work? I mean, how we as researchers know that the sent emails have received by website owner or not? The platform does not inform about this. For example, info@ and support@ sent successfully, but contact@ failed.
2) To prevent any misunderstanding, could you please write explicitly security contact that provided when submitting the issue in the "Using security contacts provided by the researcher" Section? I myself often forget about the security contact that I provided in the past once submitted the issues.
Need your clarification for #1 and your opinion for #2.
Regards.
Notification emails
Re: Notification emails
1) Notifications work. All emails send but we don't have info about email receiving by owner.metamorfosec_id wrote: ↑Tue Oct 02, 2018 6:06 pmHello OpenBugBounty Team,
Currently, I, at my discretion, sent additional notification email using Send Notification Feature yesterday (2 October) for one of my submissions because I did not receive any response since date of vulnerability reported. I got a response just a few hours from website owner and as usually, I sent the vulnerability details. Unfortunately, the website owner is angry about why long delay because there is no notification when the issue identified (5 July) and the public disclosure is today (3 october).
So my questions:
1) Does Website Owner Notification Process by the OpenBugBounty Platform work? I mean, how we as researchers know that the sent emails have received by website owner or not? The platform does not inform about this. For example, info@ and support@ sent successfully, but contact@ failed.
2) To prevent any misunderstanding, could you please write explicitly security contact that provided when submitting the issue in the "Using security contacts provided by the researcher" Section? I myself often forget about the security contact that I provided in the past once submitted the issues.
Need your clarification for #1 and your opinion for #2.
Regards.
2) Every report in your list have comment area where you can add any info
-
- Posts:269
- Joined:Mon Apr 30, 2018 7:35 am
Re: Notification emails
Dear Admin,
For #2:
I always provide contact person email addresses in "Comment" Area once I read your reply. By the way, I read on another post below that providing email addresses explicitly may raise a privacy issue:
viewtopic.php?f=5&t=798&sid=d51ca6ec17a ... b502f6574a
You did not mention "Internal Comment" when answering to my question, so that I am confuse between "Comment" Area and "Internal Comment".
Are my previous reports that providing email addresses may violate privacy aspect? If so, I am so sorry and please remove the contact information on my reports (edit: about 400 reports since October 2018 ).
For #2:
I always provide contact person email addresses in "Comment" Area once I read your reply. By the way, I read on another post below that providing email addresses explicitly may raise a privacy issue:
viewtopic.php?f=5&t=798&sid=d51ca6ec17a ... b502f6574a
You did not mention "Internal Comment" when answering to my question, so that I am confuse between "Comment" Area and "Internal Comment".
Are my previous reports that providing email addresses may violate privacy aspect? If so, I am so sorry and please remove the contact information on my reports (edit: about 400 reports since October 2018 ).
Re: Notification emails
donemetamorfosec_id wrote: ↑Sun Dec 23, 2018 11:20 amDear Admin,
For #2:
I always provide contact person email addresses in "Comment" Area once I read your reply. By the way, I read on another post below that providing email addresses explicitly may raise a privacy issue:
viewtopic.php?f=5&t=798&sid=d51ca6ec17a ... b502f6574a
You did not mention "Internal Comment" when answering to my question, so that I am confuse between "Comment" Area and "Internal Comment".
Are my previous reports that providing email addresses may violate privacy aspect? If so, I am so sorry and please remove the contact information on my reports (edit: about 400 reports since October 2018 ).
-
- Posts:269
- Joined:Mon Apr 30, 2018 7:35 am
Re: Notification emails
Oh many thanks admin
Who is online
Users browsing this forum: No registered users and 2 guests