Comment by Avamander
4 months ago
This is a common problem with HackerOne and the likes. It's absolutely awful for anything even a tiny bit more unique or rare.
Blame beg bounty hunters for this
Beg bounty hunters are not to blame for utterly abysmal responses by these platforms. Especially after they ghost the researcher and then moan about publication.
Proper response would be to update your program to triage these vulns and thank the researcher for not going public straight away. This current approach is burning a tremendous amount of goodwill.
The point is that you can’t triage them yourself, because you get two dozen bogus beg bounties each day; this is a full-time job! So you need such a platform, etc. pp.