zlacker

[parent] [thread] 4 comments
1. keisbo+(OP) 2025-06-25 14:54:43
«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I thought companies specifically denied usage of automated tools. A bit too late, eh…?

replies(1): >>8200_u+zb
2. 8200_u+zb 2025-06-25 16:01:41
>>keisbo+(OP)
They acknowledge that in the article and all submissions are human reviewed before they are submitted.
replies(1): >>keisbo+Yk
3. keisbo+Yk 2025-06-25 16:48:44
>>8200_u+zb
The policy states it’s not allowed to use automated tools, not that it’s disallowed to submit reports using automated tools alone. Human review does not really change that.
replies(1): >>slt202+0E
4. slt202+0E 2025-06-25 18:39:12
>>keisbo+Yk
If a human reviewer can repro the bug, there is no difference between an automated or human-found bug.

Bug works and is repro - as a software owner, do you care if a human or AI found it?

replies(1): >>keisbo+UG
5. keisbo+UG 2025-06-25 18:56:47
>>slt202+0E
I cannot answer for all the program owners, but I imagine that there are other concerns than reproducibility.