New features
Hi Folks,
We pursue continuous improvement of our platform for the benefit of the community and website owners.
Among the new features:
1) We revised the disclosure, notification and coordination processes to comply with the ISO 29147 standard. A lot of minor improvements on all sections of the website. Please read here: https://www.openbugbounty.org/open-bug-bounty/
2) We removed the mass posting feature. Very few researchers were using it, and unfortunately many of the websites reported via it had a very long period to patch the vulnerability. Our main purpose is to bring value to website owners and help them properly patch the vulnerabilities in a timely manner; therefore, mass posting does not exist anymore.
3) Additional information when reporting vulnerabilities: some fields, like the source of the vulnerability, will help website owners to better identify the problem and remediate it faster.
4) Last, but not least: now security researchers can rate the website on which they report vulnerabilities. Researchers with 10 recommendations AND at least 3 golden badges can comment and rate any website. Independent and verified ratings will help the community to better coordinate its efforts to make the Web safer. Don't hesitate to share positive feedback about the experience you had in the past with the website owners!
Please share your thoughts and report any bugs here!
Re: New features
Why remove a feature that *some* researchers were using?
I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.
I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.
Can you consider removing the captcha on the manual function at least?
Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".
EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.
Can we work on some solution man?
Last edited by vpq_wtf on Fri Jan 26, 2018 6:30 pm, edited 1 time in total.
Re: New features
Is there a way to do the patch check within the report still? Cannot find it?
Re: New features
Seems to be an issue with Vulnerability Fixed part.
Check https://www.openbugbounty.org/reports/246794/
"30 November, -0001"
Re: New features
SHR00MHEAD wrote: ↑Fri Jan 26, 2018 8:24 pm
> Seems to be an issue with Vulnerability Fixed part.
> Check https://www.openbugbounty.org/reports/246794/
> "30 November, -0001"

thanks fixed
Re: New features
x1admin wrote: ↑Fri Jan 26, 2018 8:38 pm
> SHR00MHEAD wrote: ↑Fri Jan 26, 2018 8:24 pm
> > Seems to be an issue with Vulnerability Fixed part.
> > Check https://www.openbugbounty.org/reports/246794/
> > "30 November, -0001"
> thanks fixed

Why remove a feature that *some* researchers were using?
I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.
I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.
Can you consider removing the captcha on the manual function at least?
Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".
EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.
Can we work on some solution man?
Re: New features
vpq_wtf wrote: ↑Sun Jan 28, 2018 4:26 pm
> x1admin wrote: ↑Fri Jan 26, 2018 8:38 pm
> > SHR00MHEAD wrote: ↑Fri Jan 26, 2018 8:24 pm
> > > Seems to be an issue with Vulnerability Fixed part.
> > > Check https://www.openbugbounty.org/reports/246794/
> > > "30 November, -0001"
> > thanks fixed
> Why remove a feature that *some* researchers were using?
> I was using that feature every single day, now I'm going to have to go out of my way to write a script which will submit through the manual function and bypass captcha which will take me weeks.
> I've received good feedback from this feature and actually, it's all I have been using for almost 5 months now.
> Can you consider removing the captcha on the manual function at least?
> Considering this platform works off researchers, we should be working together, not against each other, it's simply stupid for me to have to do this, so it would be nice if we could come to some agreement and not just "no sorry".
> EDIT: Of course, you have switched the captcha to recaptcha now, which is almost impossible to bypass.
> Can we work on some solution man?

We focus on quality, not quantity.
You sent 200k+ reports and only 4000 were approved.
- CoolCanuck97
Re: New features
What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner.
UPDATE: Lots of HTTP 500 errors. What's up?
eg: https://www.openbugbounty.org/reports/228340/
Site Username: CoolCanuck
Re: New features
CoolCanuck97 wrote: ↑Mon Jan 29, 2018 1:54 am
> What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner.
> UPDATE: Lots of HTTP 500 errors. What's up?
> eg: https://www.openbugbounty.org/reports/228340/

we don't change "check for patch"
Re: New features
x1admin wrote: ↑Mon Jan 29, 2018 7:47 am
> CoolCanuck97 wrote: ↑Mon Jan 29, 2018 1:54 am
> > What happened to the check for patch feature? This is critical... I have quite a few "unpatched" that will now show as taking forever to patch by the site owner.
> > UPDATE: Lots of HTTP 500 errors. What's up?
> > eg: https://www.openbugbounty.org/reports/228340/
> we don't change "check for patch"

For some reports there is no option to check for patch.
For example, this one does not have that option:
https://www.openbugbounty.org/reports/191861/
Also this one: https://www.openbugbounty.org/reports/191868/