Is there any way to work on a bug with another researcher?
I have found 62.73% of a bug on one of the public bounty programs but I can't weaponize it. Everything (RFC, status codes, etc.) is telling me that I have a bug; I just can't “prove-prove” it. I am sure another more talented and attractive researcher would be able to turn this into a full-fledged POC.
It would be nice to work on my research with someone else while keeping some of the credit. I bring in smarter people in my real job when I am struggling and it would be nice to have that option here in some form.
We don’t have a way to do this in the product at the moment, but you could do this privately/directly with another researcher. You would have to handle compensating the other researcher for their work too.
This is great feedback though, it’s definitely something I will bring up with our development and operations team.
I’m more than happy to help out. PM me, shoot an email at avlidienbrunn^gmail^com or find me on freenode IRC (avlidienbrunn). Not to hijack your thread, but I would love to see some kind of way to collaborate hunting bugs in a bug bounty.
I have always gone with the ‘share some beers’ philosophy – if you get help – pay it forward and help somebody else, and above all take care of the person who helped you. Interestingly enough, it is harder to send money to foreign countries than it is beer…
Yeah the number of times I’ve always wanted to shoot some ideas at someone else in the same mindset because I have “something” but it’s not yet a vulnerability… but yeah that would be hard to manage for kudos points - maybe just split them but they’d need to re-work the back-end. Nice idea though!