Tag Team A Bug?

Is there any way to work on a bug with another researcher?

I have found 62.73% of a bug on one of the public bounty programs but I can't weaponize it. Everything (RFC, status codes, etc.) is telling me that I have a bug; I just can't “prove-prove” it. I am sure another more talented and attractive researcher would be able to turn this into a full-fledged POC.

It would be nice to work on my research with someone else while keeping some of the credit. I bring in smarter people in my real job when I am struggling and it would be nice to have that option here in some form.


We don’t have a way to do this in the product at the moment, but you could do this privately/directly with another researcher. You would have to handle compensating the other researcher for their work too.

This is great feedback though, it’s definitely something I will bring up with our development and operations team.

I’m more than happy to help out, PM me, shoot an email at avlidienbrunn^gmail^com or find me on freenode IRC (avlidienbrunn). Not to hijack your thread but I would love to see some kind of way to collaborate hunting bugs in a bug bounty :slight_smile:


This is awesome. Great to see people working together. I hope when I figure out how to research bugs, that someone will want to help me!


I have always gone with the ‘share some beers’ philosophy – if you get help – pay it forward and help somebody else, and above all take care of the person who helped you. Interestingly enough, it is harder to send money to foreign countries than it is beer…

Yeah the number of times I’ve always wanted to shoot some ideas at someone else in the same mindset because I have “something” but it’s not yet a vulnerability… but yeah that would be hard to manage for kudos points - maybe just split them but they’d need to re-work the back-end. Nice idea though!

Would love to help too. More interested in understanding and exploiting the flaw instead of the reward on this :smile:


Teaming Bounties definitely sounds like an interesting feature. Especially if the application can track and pay out accordingly.