Closed cyb3rsalih closed 2 years ago
The current policy for Bugcrowd - and I believe also Hackerone, is that once a report is marked as resolved, it can be resubmitted if it still exists. I think the existing policy is probably fine.
Sorry, maybe I can't tell well the situation. Most of programs doesn't notify the duplicated report. So original report get rewarded and duplicated one still stays duplicate.
In both Bugcrowd and Hackerone when the original report is marked as resolved, the duplicate bug is also updated to resolved automatically.
Thanks.
Hacker submits a bug but closed as duplicate. But after the old report closed as resolved, duplicated report still reproducible.
Resolution: Disclosed report status should changed to triage and, the program should pay the relevant bounty.