A critical with all the bells and whistles listed in ISO 29147 should outweigh numerous low-effort skid reports; however, if you have numerous low XSS, I think the problem is having a bug bounty programme in the first place.
-
It seems most don't understand that. They are basically just using it as a way to cheaply outsource security like Katie said.
-
We’ve considered devaluing XSS in the new year and plan to add a “supercritical” category with payments in the 10-30K range. Open to suggestions on how we can encourage “better” bugs.
-
The problem with "supercritical" bugs on any major platform is brokers will often pay 6 figures for them.
-
I used @bugcrowd to report an e-commerce bug, then a day later found a related one which, when used together, was significantly worse. Both rated critical; 12 months later they lowered to low, then paid out a combined $2K (which I’m happy for). Felt like they used dice to choose value.
The less severe one was $1,500, the worse one $500. I have literally no idea how they made their decision.
-
Bounties in my opinion are a hit or miss, whether you trust the company enough to actually give you the bounty instead of saying it's a duplicate report and thank you for your time. It's really a cat and mouse game.
-
...and pointing out very dangerous, easy to spot, totally old design flaws & lack of the most basic security hygiene like changing default passwords doesn't pay out at all. Fun world.
-
Poor pricing model. Karl Friedrich Gauss could do it better.