Bug Bounty

horgan_p · 08-06-2020 05:09PM #1

Hey ,

Anyone here have experience of bug bountys ? I'm in the middle of submitting my first one(s) and getting a bit lost.

Whats to stop a company taking your report, patching the flaw and then saying "we cant reproduce the issue"

I know the issue existed because I created a video recreating the issue.

Just wondering whats the normal procedure here, as I say, I'm new at this.

Rodney Bathgate · 08-06-2020 05:12PM

With social media and ability to screenshot or record I doubt any company would be stupid enough to try that.

I’d be more worried that someone has steady submitted the issue and yours will be closed as a duplicate.

horgan_p · 08-06-2020 06:01PM

Rodney Bathgate wrote: »

With social media and ability to screenshot or record I doubt any company would be stupid enough to try that.

I’d be more worried that someone has steady submitted the issue and yours will be closed as a duplicate.

Do you have experience in this field ?
If so I've a few more questions

Rodney Bathgate · 08-06-2020 06:08PM

No, but I work for a software company with open source and non-open source products. We have public JIRA projects and private ones. The lead time from an issue being identified / first reported to a fix being rolled out can be weeks or even months depending on resolution complexity and test cases, so there is a possibility they already are aware of the issue and working on a fix. Rushing out a fix can cause more problems than the original issue.

horgan_p · 08-06-2020 06:09PM

Rodney Bathgate wrote: »

With social media and ability to screenshot or record I doubt any company would be stupid enough to try that.

I’d be more worried that someone has steady submitted the issue and yours will be closed as a duplicate.

Do you have experience in this field ?
If so I have a few more questions

Bug Bounty

Comments