hakluke/bug-bounty-standards

A list of edge cases that occur in bug bounty programs, conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.

Issues

VDPs outside of Platforms
#11 opened a year ago by ved009
0
Duping XSS on input rather than output
#9 opened a year ago by foobar7
1
Scope attribution
#6 opened 2 years ago by hpy
1
Variant of ID 8: Acquisition
#2 opened a year ago by jhaddix
2
Retesting, Payments & when to open new report
#10 opened a year ago by foobar7
0
Vulnerability reversion
#7 opened 2 years ago by hpy
7
Disclosing a non-bug
#4 opened 3 years ago by alxbrsn
5
Bounty range
#8 opened 2 years ago by hpy
0
Scenario
#1 opened 3 years ago by cyb3rsalih
4
Open/triaged report left without update for >12 months
#5 opened 3 years ago by bl4de
2