🔒 Unfair Experience in a Bug Bounty Program

Recently, I found a critical sensitive information disclosure in a program listed on a bug bounty platform.

I was even able to access and install system files like changelog, webconfig, system files, and other sensitive data. As a bug hunter, I responsibly reported everything, explained how it worked, and even told them how to fix it.

The issue was fixed exactly as I described — but even after two months, my report is still only triaged, not accepted. I also reported it again directly on the platform where I hunt, but nothing changed.

Honestly, this feels unfair. We security researchers spend our time and effort to make systems safer. When valid reports get ignored after being fixed, it really kills motivation.

Bug bounty platforms and programs should ensure fairness, transparency, and proper recognition for researchers. Otherwise, such experiences will only push researchers away from responsible disclosure — which helps no one.

#BugBounty #CyberSecurity #EthicalHacking #Infosec #ResponsibleDisclosure #BugBountyCommunity