Notification emails
Posted: Tue Oct 02, 2018 6:06 pm
Hello OpenBugBounty Team,
Currently, I, at my discretion, sent additional notification email using Send Notification Feature yesterday (2 October) for one of my submissions because I did not receive any response since date of vulnerability reported. I got a response just a few hours from website owner and as usually, I sent the vulnerability details. Unfortunately, the website owner is angry about why long delay because there is no notification when the issue identified (5 July) and the public disclosure is today (3 october).
So my questions:
1) Does Website Owner Notification Process by the OpenBugBounty Platform work? I mean, how we as researchers know that the sent emails have received by website owner or not? The platform does not inform about this. For example, info@ and support@ sent successfully, but contact@ failed.
2) To prevent any misunderstanding, could you please write explicitly security contact that provided when submitting the issue in the "Using security contacts provided by the researcher" Section? I myself often forget about the security contact that I provided in the past once submitted the issues.
Need your clarification for #1 and your opinion for #2.
Regards.
Currently, I, at my discretion, sent additional notification email using Send Notification Feature yesterday (2 October) for one of my submissions because I did not receive any response since date of vulnerability reported. I got a response just a few hours from website owner and as usually, I sent the vulnerability details. Unfortunately, the website owner is angry about why long delay because there is no notification when the issue identified (5 July) and the public disclosure is today (3 october).
So my questions:
1) Does Website Owner Notification Process by the OpenBugBounty Platform work? I mean, how we as researchers know that the sent emails have received by website owner or not? The platform does not inform about this. For example, info@ and support@ sent successfully, but contact@ failed.
2) To prevent any misunderstanding, could you please write explicitly security contact that provided when submitting the issue in the "Using security contacts provided by the researcher" Section? I myself often forget about the security contact that I provided in the past once submitted the issues.
Need your clarification for #1 and your opinion for #2.
Regards.