[keisborg]

«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I’ve thought companies specifically deny usage of automated tools. A bit too late ey…?

[8200_unit]

They acknowledge that in the article and all submissions are human reviewed before they are submitted.

[keisborg]

The policies states it’s not allowed to use automated tools, not to submit report using automated tools alone. Human review does not really change that.

[slt2021]

if a human reviewer can repro the bug, there is no difference between automated or human found bug.

bug works and is repro - as a software owner, do you care if human or ai found it?

[keisborg]

I cannot answer for all the program owners, but I imagine that there are other concerns than reproducibility