Is this true, here in bugcrowd?

Hi folks!
https://mobile.facebook.com/photo.php?fbid=943617629046245&id=100001940496405&set=p.943617629046245&source=57

1 Like

Hi Norwin,

In short, no. We have no record of that vuln ever being marked dupe in the platform. We’re talking to the individual and the client to get to the bottom of what actually happened - We take the task of keeping our programs fair and unbiased very, very seriously… We’re in this to help our clients become more secure, and provide more opportunity for researchers to do their thing.

One thing that has definitely come up out of this (and we were already working on it, but this has helped it along) is for us to find ways to make duplicates more transparent to you guys, giving clear updates on our processes re managed vs unmanaged programs on Crowdcontrol, and finding better ways to ensure that bugs aren’t just “left in limbo” like this one was.

Does that answer your question?

2 Likes

Unfortunately I’m not able to access the link. This may have to do with the fact that I don’t have a Facebook account. Unless it’s a phishing / 0day link… :wink:

Hello Casey Ellis,
To clear this issue for the public we now have uploaded all images we have sent to bugcrowd CEO Casey Ellis.
There are differences in how this is communicated with us, the “Individual” and the public in general (here in the forum).

We got an email from Casey Ellis yesterday, referring to the issue discussed here. This is what he wrote:

"Hi Benjamin, thanks for sending these through. It’s good timing, we’re working on improvements in some of these areas already, and this feedback has been useful. I’ve cc’d Katrina Rodzon who looks after a bunch of the programs here and plays a big role in solving things like this, and helping Bugcrowd better for the researchers and customers too. I’ll stay on the thread, but Katrina will run point on making sure we understand what’s happening here. Also, if you could send through images from other researchers we’d appreciate it.

bugcrowd CEO Casey Ellis"

So yesterday the case was not clear for bugcrowd and they want to “work on improvements”. And before we get a notice of clearance about the issue we read here that our claims are “not true”.

[Lines removed, as they violated the Standard Disclosure Terms - Forum Moderator]

You are very brave to delete my facts to censor me. As far as you censor my legal post to not influence your clients I can drop a good trick. Link it as minimum to a non error page of your terms that exists. Otherwise you are shooting yourself twice in the leg when people read this.

Something went wrong. We couldn’t find the page you were looking for.
If you’re a researcher you might want to try signing in again. If you’re a customer, you can sign in to Crowdcontrol over here.

To clarify, the removal of the link in your post was due to disclosure of private client information in the images. This is in direct violation of our Standard Terms (now correctly linked above, thanks) that you agreed to when submitting to Bugcrowd.

You are welcome to participate here and to share all information as long as you adhere to this agreement and the guidelines of the forum.