Removal of *QUICKEST PATCHED*?
Hi,
What is the purpose of this section when submissions aren't checked on a regular basis for integrity?
Can you explain how this section exactly works and what classifies as a patch to the system that checks for this?
I'm sure there are many submissions that are marked as unpatched which are actually patched right now.
For example, I just selected a random submission from a profile: https://www.openbugbounty.org/reports/220549/ which is patched but marked as unpatched.
So in this case, *quickest patched* doesn't make sense at all because this submission was patched a while ago.
If this is something that is done by the researcher manually, perhaps you should consider a feature to check all submissions for a patch.
vpq_wtf
Re: Removal of *QUICKEST PATCHED*?
vpq_wtf wrote: ↑Tue Jul 25, 2017 5:38 pm
> Hi,
> What is the purpose of this section when submissions aren't checked on a regular basis for integrity?
> Can you explain how this section exactly works and what classifies as a patch to the system that checks for this?
> I'm sure there are many submissions that are marked as unpatched which are actually patched right now.
> For example, I just selected a random submission from a profile: https://www.openbugbounty.org/reports/220549/ which is patched but marked as unpatched.
> So in this case, *quickest patched* doesn't make sense at all because this submission was patched a while ago.
> If this is something that is done by the researcher manually, perhaps you should consider a feature to check all submissions for a patch.
> vpq_wtf

You can use this thread viewtopic.php?f=10&t=179 if you have reports that are not marked as patched.
Re: Removal of *QUICKEST PATCHED*?
Yes, but this defeats the purpose of this section because there is no way you're going to mark it as patched within 4 minutes or an hour.
Re: Removal of *QUICKEST PATCHED*?
Currently a mass patch verification is in progress - all patched (but marked as unpatched) vulnerabilities will be added to researcher statistics.
In the future, such mass checks will be regular and automated, moreover with new submission and disclosure policy - very few submissions will go live unpatched.
Re: Removal of *QUICKEST PATCHED*?
Your "quickest patch" feature is broken anyway. Take this submission for example: https://www.openbugbounty.org/reports/68865/
Vulnerability existence verified and confirmed
29 June, 2015 at 19:45 GMT
Patched:
Yes, at 29.06.2015
Latest check for patch:
29.06.2015 20:10 GMT
According to your own statistics, this was patched 25 minutes after being reported... yet it is not listed on 'quickest patched' section. Clearly something is broken here. I know this was patched within ~20mins because I recall it being one of the quickest patches I've ever seen deployed in my history of reporting bugs.
Re: Removal of *QUICKEST PATCHED*?
insecurity wrote: ↑Fri Jul 28, 2017 11:17 am
> Your "quickest patch" feature is broken anyway. Take this submission for example: https://www.openbugbounty.org/reports/68865/
> Vulnerability existence verified and confirmed
> 29 June, 2015 at 19:45 GMT
> Patched:
> Yes, at 29.06.2015
> Latest check for patch:
> 29.06.2015 20:10 GMT
> According to your own statistics, this was patched 25 minutes after being reported... yet it is not listed on 'quickest patched' section. Clearly something is broken here. I know this was patched within ~20mins because I recall it being one of the quickest patches I've ever seen deployed in my history of reporting bugs.

We show quickest patches for last year.
Re: Removal of *QUICKEST PATCHED*?
x1admin wrote: ↑Thu Jul 27, 2017 6:33 pm
> Currently a mass patch verification is in progress - all patched (but marked as unpatched) vulnerabilities will be added to researcher statistics.
> In the future, such mass checks will be regular and automated, moreover with new submission and disclosure policy - very few submissions will go live unpatched.

How does this mass patch verification work? I see many patched vulns on my profile still marked as unpatched, with 'latest check for patch' showing dates from months ago?
Re: Removal of *QUICKEST PATCHED*?
insecurity wrote: ↑Fri Jul 28, 2017 5:03 pm
> x1admin wrote: ↑Thu Jul 27, 2017 6:33 pm
> > Currently a mass patch verification is in progress - all patched (but marked as unpatched) vulnerabilities will be added to researcher statistics.
> > In the future, such mass checks will be regular and automated, moreover with new submission and disclosure policy - very few submissions will go live unpatched.
>
> How does this mass patch verification work? I see many patched vulns on my profile still marked as unpatched, with 'latest check for patch' showing dates from months ago?

We check all reports for patch, it takes a long time.