hakluke / bug-bounty-standards

A list of edge cases that occur in bug bounty programs, and conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.

Scenario #1

Closed cyb3rsalih closed 2 years ago

cyb3rsalih commented 2 years ago

Hacker submits a bug, but it is closed as a duplicate. After the original report is closed as resolved, the duplicated report is still reproducible.

Resolution: The disclosed report's status should be changed to triage, and the program should pay the relevant bounty.

hakluke commented 2 years ago

The current policy for Bugcrowd (and I believe also Hackerone) is that once a report is marked as resolved, it can be resubmitted if it still exists. I think the existing policy is probably fine.

cyb3rsalih commented 2 years ago

Sorry, maybe I can't explain the situation well. Most programs don't notify the duplicated report. So the original report gets rewarded and the duplicated one still stays a duplicate.

hakluke commented 2 years ago

In both Bugcrowd and Hackerone, when the original report is marked as resolved, the duplicate bug is also updated to resolved automatically.

cyb3rsalih commented 2 years ago

Thanks.