cool/sad MT @Bugcrowd: Accuracy - Our new metric helps researchers measure the % of valid vulns they submit
http://bgcd.co/1vZspXI
Replying to @anshuman_bh
.@anshuman_bh sad because many researchers have accuracy <50%. IMO accuracy <95% wastes SOMEONE'S time. Great data by @Bugcrowd tho :)
Replying to @SushiDude
@SushiDude @Bugcrowd yeah, anything less than 50% is no-bueno. 95% is a little bit high. not sure if that can be achieved with bug bounties
Replying to @anshuman_bh
@SushiDude @Bugcrowd specially cuz a lot of times, it's a design issue or won't fix or something or the other. that's not really a waste imho
Replying to @anshuman_bh
.@anshuman_bh ideally a researcher's Accuracy rating should be based on what's real, not what the vendor chooses to fix [2/2] @Bugcrowd
Replying to @SushiDude
@SushiDude @Bugcrowd Depends on whose perspective you're looking from. From a program, yes. From a researcher, no. [1/2]
Replying to @anshuman_bh
.@anshuman_bh IMO, diligent researchers verify results before reporting & (advanced) understand the target's threat model @Bugcrowd
Replying to @SushiDude
@SushiDude @Bugcrowd I agree 100%. I do my best to be diligent. Not all the time because it is a race to submit first. That's a fact.
Replying to @anshuman_bh
.@anshuman_bh race to be first strikes me as an inappropriate incentive that increases false-positive rate :-( difficult problem @Bugcrowd
@SushiDude @anshuman_bh @Bugcrowd see @jkouns talk on bug bounties? they *have* to race or may lose out on a bounty completely.