Bug Bounty Hunting Essentials

Responding to the queries of the team

At this point, you have submitted the report and the team has seen it. Now, there are two scenarios. If your report is clear and thorough, the team will readily accept it, provided that the vulnerability exists. However, even if the report is clear, the team may still have some questions, which is natural and need not diminish your confidence. Here are a few tips on how to respond to the team if they have queries:

  • Always be respectful
  • Never ask them about the resolution or fix timeline
  • Include more technical details with every comment
  • Be thorough in your provision of technical details
  • Have patience, as the team does have other reports
  • Always ask about the bounty after the resolution
  • Accept politely if the team rejects your report
  • If you still think the issue is valid, you can interject