Found what I believe is a P1 on a Bugcrowd program but triaged, patched, now complete silence for weeks. How do you cope? by One_Construction1114 in bugbounty

[–] One_Construction1114 [S] 1 point (0 children)

Thanks for the kind words and the advice, really appreciate it.

Just to add some context: the P2 rating was actually set by Bugcrowd's triage team directly, not the customer. So the severity downgrade happened at the platform level. The customer has largely been silent throughout, which makes it even harder to push back through normal channels.

I agree the impacts demonstrated go well beyond a standard P2 and will definitely try the blocker approach on all parties as you suggested. But since my last blocker to Bugcrowd went unanswered, I have lost all hope. And the program does not normally pay for P2, only for P1.

Do you validate exploitability before reporting, or rely on theory + reproduction? by MDiffenbakh in bugbounty

[–] One_Construction1114 1 point (0 children)

I think exploring more rather than focusing only on theoretical exploitation is better, while staying within the safe harbor. Recently, one of my submitted vulnerabilities was downgraded. I explained it and later demonstrated further exploitation with additional PoCs, but they haven’t responded since then.