by dsl
2693 days ago
Where did you report it, was it acknowledged, and was it ultimately fixed? Having run a large bug bounty program before, I can tell you a few things could have happened here...

* Issue was mis-triaged, or deemed to be very low impact - Maybe it depended on a very specific set of circumstances that was not expected to commonly occur. Usually these get silently routed to QA to investigate.

* Issue was completely overlooked - Unlikely, but security@ is a ticket queue too. Sometimes a misclick happens, or a spam filter picks it up. For every valid report, you can get 100-1000 unrelated messages.

* Issue was already known - Not good to silently ignore, but if it was already reported and in the pipeline, it probably got closed as a duplicate. Companies don't like to discuss vulnerabilities that are being actively fixed.