A list of edge cases that occur in bug bounty programs, along with conversations on how they should be handled. The goal is to standardise the way that specific situations are handled in bug bounties.
A hacker exploits a vulnerability on site1.com through an endpoint on site2.com. The triager attributes the exploit to site2.com, which has a lower reward amount.
Resolution:
A triager and program should make a good faith effort to attribute a vulnerability to the highest paying impacted resource.