[return to "XBOW, an autonomous penetration tester, has reached the top spot on HackerOne"]
1. mkagen+gp 2025-06-24 18:19:06
>>summar+(OP)
> XBOW submitted nearly 1,060 vulnerabilities.

Yikes, explains why my manually submitted single vulnerability is taking weeks to triage.

2. tptace+Ds 2025-06-24 18:37:40
>>mkagen+gp
The XBOW people are not randos.
3. lcnPyl+tt 2025-06-24 18:40:18
>>tptace+Ds
That's not their point, I think. They're just saying that those nearly 1060 vulnerabilities are being processed so theirs is being ignored (hence "triage").
4. tptace+3u 2025-06-24 18:43:17
>>lcnPyl+tt
If that's all they're saying then there isn't much to do with the sentiment; if you're legit-finding #1061 after legit-findings #1-#1060, that's just life in the NFL. I took instead the meaning that the findings ahead of them were less than legit.
5. croes+Kx 2025-06-24 18:58:05
>>tptace+3u
Whether it is a legit finding is precisely what needs to be checked, but you’re at spot 1061.

> 130 resolved
> 303 were classified as Triaged
> 33 reports marked as new
> 125 remain pending
> 208 were marked as duplicates
> 209 as informative
> 36 not applicable

20% bind a lot of resources if you have a high input on submissions, and the numbers will rise.

6. tptace+5z 2025-06-24 19:03:49
>>croes+Kx
I think some context I probably don't share with the rest of this thread is that the average quality of a Hacker One submission is incredibly low. Like however bad you think the median bounty submission is, it's worse; think "people threatening to take you to court for not paying them for their report that they can 'XSS' you with the Chrome developer console".