Notification emails

Questions or suggestions about the platform
metamorfosec_id
Posts:269
Joined:Mon Apr 30, 2018 7:35 am

Post by metamorfosec_id » Tue Oct 02, 2018 6:06 pm

Hello OpenBugBounty Team,

Currently, I, at my discretion, sent an additional notification email using the Send Notification feature yesterday (2 October) for one of my submissions because I had not received any response since the date the vulnerability was reported. I got a response just a few hours later from the website owner and, as usual, I sent the vulnerability details. Unfortunately, the website owner is angry about the long delay because there was no notification when the issue was identified (5 July) and the public disclosure is today (3 October).

So my questions:

1) Does the Website Owner Notification Process of the OpenBugBounty platform work? I mean, how do we as researchers know whether the sent emails have been received by the website owner or not? The platform does not inform us about this. For example, info@ and support@ sent successfully, but contact@ failed.

2) To prevent any misunderstanding, could you please write explicitly the security contact that was provided when submitting the issue in the "Using security contacts provided by the researcher" section? I myself often forget the security contact that I provided in the past once I have submitted the issues.

Need your clarification for #1 and your opinion for #2.

Regards.

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Notification emails

Post by x1admin » Wed Oct 03, 2018 5:03 pm

metamorfosec_id wrote:
Tue Oct 02, 2018 6:06 pm
Hello OpenBugBounty Team,

Currently, I, at my discretion, sent an additional notification email using the Send Notification feature yesterday (2 October) for one of my submissions because I had not received any response since the date the vulnerability was reported. I got a response just a few hours later from the website owner and, as usual, I sent the vulnerability details. Unfortunately, the website owner is angry about the long delay because there was no notification when the issue was identified (5 July) and the public disclosure is today (3 October).

So my questions:

1) Does the Website Owner Notification Process of the OpenBugBounty platform work? I mean, how do we as researchers know whether the sent emails have been received by the website owner or not? The platform does not inform us about this. For example, info@ and support@ sent successfully, but contact@ failed.

2) To prevent any misunderstanding, could you please write explicitly the security contact that was provided when submitting the issue in the "Using security contacts provided by the researcher" section? I myself often forget the security contact that I provided in the past once I have submitted the issues.

Need your clarification for #1 and your opinion for #2.

Regards.

1) Notifications work. All emails are sent, but we don't have info about whether the email was received by the owner.
2) Every report in your list has a comment area where you can add any info.

metamorfosec_id
Posts:269
Joined:Mon Apr 30, 2018 7:35 am

Re: Notification emails

Post by metamorfosec_id » Sun Dec 23, 2018 11:20 am

Dear Admin,

For #2:

I have always provided contact person email addresses in the "Comment" area since I read your reply. By the way, I read in another post below that providing email addresses explicitly may raise a privacy issue:

viewtopic.php?f=5&t=798&sid=d51ca6ec17a ... b502f6574a

You did not mention "Internal Comment" when answering my question, so I am confused between the "Comment" area and "Internal Comment".

Could my previous reports that provide email addresses violate privacy? If so, I am so sorry and please remove the contact information on my reports (edit: about 400 reports since October 2018 :( ).

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: Notification emails

Post by x1admin » Mon Dec 24, 2018 8:15 am

metamorfosec_id wrote:
Sun Dec 23, 2018 11:20 am
Dear Admin,

For #2:

I have always provided contact person email addresses in the "Comment" area since I read your reply. By the way, I read in another post below that providing email addresses explicitly may raise a privacy issue:

viewtopic.php?f=5&t=798&sid=d51ca6ec17a ... b502f6574a

You did not mention "Internal Comment" when answering my question, so I am confused between the "Comment" area and "Internal Comment".

Could my previous reports that provide email addresses violate privacy? If so, I am so sorry and please remove the contact information on my reports (edit: about 400 reports since October 2018 :( ).

Done.

metamorfosec_id
Posts:269
Joined:Mon Apr 30, 2018 7:35 am

Re: Notification emails

Post by metamorfosec_id » Tue Dec 25, 2018 9:13 am

Oh many thanks admin :D
