Variant of ID 8: Acquisition

Open jhaddix opened this issue 3 years ago • 2 comments

Hacker submits a bug to a program that has an open scope brief. The bug is on an acquisition. The program owner does not control the IT infrastructure or staff of the acquisition.

Resolution: The program owner should make a good faith effort, verified by the platform, to inform the acquisition. Should the acquisition benefit from the submission, the program owner should pay the bounty. The brief should be updated to reflect if acquisition(s) are in scope.

jhaddix • Jan 17 '22 07:01

Totally agree! I think maybe a good action item for platforms would be to have a visible binary switch on programs: are acquisitions in scope, Y/N? Do you think that would solve it?

hakluke • Jan 17 '22 13:01

Added

hakluke • Jan 20 '22 11:01