New features

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm
New features

Post by x1admin » Fri Jan 26, 2018 12:31 pm

Hi Folks,

We pursue continuous improvement of our platform for the benefit of the community and website owners.

Among the new features:

1) We revised disclosure, notification and coordination processes to comply with the ISO 29147 standard. A lot of minor improvements on all sections of the website. Please read here: https://www.openbugbounty.org/open-bug-bounty/

2) We removed the mass posting feature. Very few researchers were using it, and unfortunately many of the websites reported via it had a very long period to patch the vulnerability. Our main purpose is to bring value to website owners and help them properly patch the vulnerabilities in a timely manner; therefore, mass posting does not exist anymore.

3) Additional information when reporting vulnerabilities: some fields, like source of the vulnerability, will help website owners to better identify the problem and remediate it faster.

4) Last, but not least: now security researchers can rate the website on which they report vulnerabilities. Researchers with 10 recommendations AND at least 3 golden badges can comment and rate any website. Independent and verified ratings will help the community to better coordinate its efforts to make the Web safer. Don't hesitate to share positive feedback about the experience you had in the past with the website owners!

Please share your thoughts and report any bugs here!

vpq_wtf
Posts:118
Joined:Mon Apr 25, 2016 3:43 am

Re: New features

Post by vpq_wtf » Fri Jan 26, 2018 12:40 pm

Why remove a feature that *some* researchers were using?

I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.

I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.

Can you consider removing the captcha on the manual function at least?

Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".

EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.

Can we work on some solution man?
Last edited by vpq_wtf on Fri Jan 26, 2018 6:30 pm, edited 1 time in total.

secuninja
Posts:508
Joined:Fri Apr 28, 2017 2:34 pm

Re: New features

Post by secuninja » Fri Jan 26, 2018 2:34 pm

Is there a way to do the patch check within the report still? Cannot find it.

Cole
Posts:36
Joined:Sun Dec 04, 2016 5:18 am

Re: New features

Post by Cole » Fri Jan 26, 2018 8:24 pm

Seems to be an issue with Vulnerability Fixed part.

Check https://www.openbugbounty.org/reports/246794/

"30 November, -0001"

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: New features

Post by x1admin » Fri Jan 26, 2018 8:38 pm

> SHR00MHEAD wrote: Fri Jan 26, 2018 8:24 pm
> Seems to be an issue with Vulnerability Fixed part.
>
> Check https://www.openbugbounty.org/reports/246794/
>
> "30 November, -0001"

thanks fixed

vpq_wtf
Posts:118
Joined:Mon Apr 25, 2016 3:43 am

Re: New features

Post by vpq_wtf » Sun Jan 28, 2018 4:26 pm

> x1admin wrote: Fri Jan 26, 2018 8:38 pm
> > SHR00MHEAD wrote: Fri Jan 26, 2018 8:24 pm
> > Seems to be an issue with Vulnerability Fixed part.
> >
> > Check https://www.openbugbounty.org/reports/246794/
> >
> > "30 November, -0001"
>
> thanks fixed

Why remove a feature that *some* researchers were using?

I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.

I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.

Can you consider removing the captcha on the manual function at least?

Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".

EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.

Can we work on some solution man?

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: New features

Post by x1admin » Sun Jan 28, 2018 9:07 pm

> vpq_wtf wrote: Sun Jan 28, 2018 4:26 pm
> > x1admin wrote: Fri Jan 26, 2018 8:38 pm
> > > SHR00MHEAD wrote: Fri Jan 26, 2018 8:24 pm
> > > Seems to be an issue with Vulnerability Fixed part.
> > >
> > > Check https://www.openbugbounty.org/reports/246794/
> > >
> > > "30 November, -0001"
> >
> > thanks fixed
>
> Why remove a feature that *some* researchers were using?
>
> I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.
>
> I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.
>
> Can you consider removing the captcha on the manual function at least?
>
> Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".
>
> EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.
>
> Can we work on some solution man?

we focus on quality, not quantity
you sent 200k+ reports and only 4000 were approved

CoolCanuck97
Posts:34
Joined:Sun Jun 12, 2016 11:07 pm

Re: New features

Post by CoolCanuck97 » Mon Jan 29, 2018 1:54 am

What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner. :(

UPDATE: Lots of HTTP 500 errors. What's up?
eg: https://www.openbugbounty.org/reports/228340/
Site Username: CoolCanuck

x1admin
Site Admin
Posts:3101
Joined:Sun Nov 15, 2015 7:04 pm

Re: New features

Post by x1admin » Mon Jan 29, 2018 7:47 am

> CoolCanuck97 wrote: Mon Jan 29, 2018 1:54 am
> What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner. :(
>
> UPDATE: Lots of HTTP 500 errors. What's up?
> eg: https://www.openbugbounty.org/reports/228340/

we don't change "check for patch"

AndresERiveraB
Posts:62
Joined:Fri Oct 28, 2016 3:13 am

Re: New features

Post by AndresERiveraB » Mon Jan 29, 2018 2:38 pm

> x1admin wrote: Mon Jan 29, 2018 7:47 am
> > CoolCanuck97 wrote: Mon Jan 29, 2018 1:54 am
> > What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner. :(
> >
> > UPDATE: Lots of HTTP 500 errors. What's up?
> > eg: https://www.openbugbounty.org/reports/228340/
>
> we don't change "check for patch"

For some reports there is no option to check for patch.
For example, this one does not have that option:
https://www.openbugbounty.org/reports/191861/
Also this one: https://www.openbugbounty.org/reports/191868/
