Hacker News
by xmodem 396 days ago
HackerOne, BugCrowd, et al. don't appear to make any serious effort to vet reports themselves.

Is that true? I thought you could pay for an H1 service that basically had professionals triaging the vulnerabilities and only passing on the correct ones?

Our company pays for one of these third-party triage services for H1.

The quality is seriously lacking. They have dismissed many valid findings.

Ah thank you for the info!

From what I understood, the service is also (very) expensive. Wild.