A long time ago we would tweet about new public launches, but that tradition stopped as new launches became more of a common thing for us.
We’ve heard from folks that they’d like to know when new public programs go live - how would you like to be notified?
I’m thinking we can test this out via tweets from the @BugcrowdOps twitter account, and eventually we could build out something within the product or a special email list for announcements. What would be most useful to you?
As I always have a browser window or ten open, I vote for browser push notifications. I don’t pay nearly enough attention to Twitter as I probably should. My 2nd vote would be for just a notification only mailing list (no discussions, etc).
In my opinion we should be notified in the same way we are notified of private bounties (via email messages). It’s the same use case, it doesn’t matter it’s a public or a private bounty.
The main reason why we haven’t done that is that the private bounties are only targeted to a small group of people, but public bounties would be open to 17,000+ researchers. And we sometimes have 4-5 public bounties launch in a week…which would result in a TON of email to people.
So maybe a good solution would be an opt-in email notification list or setting?
Got it, it’s not easy to dispatch so many emails.
Sure, an opt-in email notification list or setting would also solve the problem.
But we definitely need some type of notification:
in two different occasions I learned about new public programs when I logged on to report another bug. The public program was live for three days already.
…I need to write more than 20 chars (boo).
Any kind of notification is good. An opt-in mailing list would be ideal and benefits bugcrowd researchers who are already active. right now the only way I figure out there is a new public bounty is I log in randomly and see “new”… and then I get sad because I realised all the XSS’s are probably gone.