
New features

Posted: Fri Jan 26, 2018 12:31 pm
by x1admin
Hi Folks,

We pursue continuous improvement of our platform for the benefit of the community and website owners.

Among the new features:

1) We revised disclosure, notification and coordination processes to comply with the ISO 29147 standard. A lot of minor improvements on all sections of the website. Please read here: https://www.openbugbounty.org/open-bug-bounty/

2) We removed the mass posting feature. Very few researchers were using it, and unfortunately many of the websites reported via it had a very long period to patch the vulnerability. Our main purpose is to bring value to website owners and help them properly patch the vulnerabilities in a timely manner; therefore, mass posting does not exist anymore.

3) Additional information when reporting vulnerabilities: some fields, like source of the vulnerability, will help website owners to better identify the problem and remediate it faster.

4) Last, but not least: now security researchers can rate the website on which they report vulnerabilities. Researchers with 10 recommendations AND at least 3 golden badges can comment and rate any website. Independent and verified ratings will help the community to better coordinate its efforts to make the Web safer. Don't hesitate to share positive feedback about the experience you had in the past with the website owners!

Please share your thoughts and report any bugs here!

Re: New features

Posted: Fri Jan 26, 2018 12:40 pm
by vpq_wtf
Why remove a feature that *some* researchers were using?

I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.

I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.

Can you consider removing the captcha on the manual function at least?

Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".

EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.

Can we work on some solution man?

Re: New features

Posted: Fri Jan 26, 2018 2:34 pm
by secuninja
Is there a way to do the patch check within the report still? Cannot find it.

Re: New features

Posted: Fri Jan 26, 2018 8:24 pm
by Cole
Seems to be an issue with Vulnerability Fixed part.

Check https://www.openbugbounty.org/reports/246794/

"30 November, -0001"

Re: New features

Posted: Fri Jan 26, 2018 8:38 pm
by x1admin
SHR00MHEAD wrote:
Fri Jan 26, 2018 8:24 pm
Seems to be an issue with Vulnerability Fixed part.

Check https://www.openbugbounty.org/reports/246794/

"30 November, -0001"
thanks fixed

Re: New features

Posted: Sun Jan 28, 2018 4:26 pm
by vpq_wtf
x1admin wrote:
Fri Jan 26, 2018 8:38 pm
SHR00MHEAD wrote:
Fri Jan 26, 2018 8:24 pm
Seems to be an issue with Vulnerability Fixed part.

Check https://www.openbugbounty.org/reports/246794/

"30 November, -0001"
thanks fixed
Why remove a feature that *some* researchers were using?

I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.

I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.

Can you consider removing the captcha on the manual function at least?

Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".

EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.

Can we work on some solution man?

Re: New features

Posted: Sun Jan 28, 2018 9:07 pm
by x1admin
vpq_wtf wrote:
Sun Jan 28, 2018 4:26 pm
x1admin wrote:
Fri Jan 26, 2018 8:38 pm
SHR00MHEAD wrote:
Fri Jan 26, 2018 8:24 pm
Seems to be an issue with Vulnerability Fixed part.

Check https://www.openbugbounty.org/reports/246794/

"30 November, -0001"
thanks fixed
Why remove a feature that *some* researchers were using?

I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.

I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.

Can you consider removing the captcha on the manual function at least?

Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".

EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.

Can we work on some solution man?
We focus on quality, not quantity.
You sent 200k+ reports and only 4000 were approved.

Re: New features

Posted: Mon Jan 29, 2018 1:54 am
by CoolCanuck97
What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner. :(

UPDATE: Lots of HTTP 500 errors. What's up?
eg: https://www.openbugbounty.org/reports/228340/

Re: New features

Posted: Mon Jan 29, 2018 7:47 am
by x1admin
CoolCanuck97 wrote:
Mon Jan 29, 2018 1:54 am
What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner. :(

UPDATE: Lots of HTTP 500 errors. What's up?
eg: https://www.openbugbounty.org/reports/228340/
we don't change "check for patch"

Re: New features

Posted: Mon Jan 29, 2018 2:38 pm
by AndresERiveraB
x1admin wrote:
Mon Jan 29, 2018 7:47 am
CoolCanuck97 wrote:
Mon Jan 29, 2018 1:54 am
What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner. :(

UPDATE: Lots of HTTP 500 errors. What's up?
eg: https://www.openbugbounty.org/reports/228340/
we don't change "check for patch"
For some reports there is no option to check for patch.
For example, this one does not have that option:
https://www.openbugbounty.org/reports/191861/
Also this one: https://www.openbugbounty.org/reports/191868/
