The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible to the reporter. This can cause gaps between what the finder has reported and what is explained to the program. If this communication is visible, it would benefit both parties.
Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports.
One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved.
Application security is a significant challenge for software engineers, as well as for security and DevOps professionals. It comprises the measures taken to improve the security of online services and websites against malicious attacks by finding, repairing, and preventing security weaknesses and vulnerabilities.
The ability to view the conversation between the triagers and the programs will be really good. When an issue gets reported, the understanding conveyed to the program by the triagers is not visible to the reporter. This can cause gaps between what the finder has reported and what is explained to the program. If this communication is visible, it would benefit both parties.
Response time can be improved. The HackerOne Trust team can be slow to respond sometimes. They're not using AI, which could help reduce the number of duplicate reports.
One issue I've experienced is traffic. Many people try to participate when an opportunity with a bounty of around 1,000-15,000 dollars comes up. In this case, the first person to report the vulnerability gets the bounty. If a second person reports the same vulnerability, they are marked as duplicated instead of receiving some recognition. The second person also invested time finding the issue, so I think this can be improved.