-
Greetings, fellow friends from the infosec industry! I was directed here from the [Bugcrowd Security Forums](https://forum.bugcrowd.com/t/bugcrowds-vulnerability-rating-taxonomy/940/4?u=kongwenbin) to…
-
The threat model link on https://bugcrowd.com/freedomofpress points to https://docs.securedrop.org/en/latest/development/threat_model.html which returns a 404.
-
It should be unnecessary to configure the linter with `--name` just so it can search the readme for `plugins: ${name}#v.*` code blocks, because it's already set in the plugin.yml file. It'll need to h…
-
Dear Bugcrowd,
First of all, I would like to thank your team for opensourcing this project and allowing members of the community to contribute to the development process. I have thought long and ha…
-
FTP anonymous login presents an issue where an attacker can perform nefarious acts on a server, largely depending on the privileges an anonymous user can leverage.
I would like to see Bugcrowd …
-
UA sniffing is a tricky beast. While it can help optimize security, it's very error prone. See https://github.com/twitter/secureheaders/issues/381 for a recent example. CSP, when implemented correctly…
-
The BugCrowd VRT contains a category that deals with sensitive application data that is stored unencrypted on local storage:
> P5 Insecure Data Storage -> Sensitive Application Data Stored Unencrypt…
-
Hey guys, just another point around terminology.
There have been cases and current penting cases where a program has web/api/thick client and the scope states that they care for privilege escala…
-
Hello all,
There has been a massive amount of conversation about this bug... all over the place. I don't really re-hash all that. While I do think that it is valuable for clients to know about, I …
-
Styledocco is long abandoned. Last commit to master branch was on March 30, 2014.
That alone should not be an issue, except that the last version of Styledocco is depending on outdated versions of …