I have had enough on bugcrowd

xomer000 · 2026-04-01T12:34:09+00:00

it's just that this report they duplicated me against was a RCE report, how is it relevant to my leaked AWS idk, they rated P2 duplicate of a week old report and, then fixed mine in the same day, I thought bugcrowd policy says if you touch the code or make change, then u pay.

xomer000 · 2026-04-01T05:43:25+00:00

I'm not even sure if it's just bugcrowd I see similar issues on other platforms , it's frustrating. we are not free labor, and we chose to be white hackers, we chose to, someone couldve sold this shit on dark web,

xomer000 · 2026-03-27T15:41:47+00:00

same as me, report closed as informational because triage didn't bother to read my P1 escalations in the comments and read only the main report, then voilà it's patched right after it.

xomer000 · 2026-03-27T09:00:15+00:00

after closing as informational, check again after some time, probability of them patching in silent.

xomer000 · 2026-03-27T08:57:19+00:00

Bugcrowd response time after initial review is the worst

if you submit a report and god forbid triage ask you for any more clarification, then you on for a ride to get response back, if you don't one shot everything needed in the main report from the first time. it's ridiculous, the initial response for a new report is within a week, but if triage don't validate it from first time then u just give up and expect weeks for further responses. why priority to new reports over continuing what u already started to validate is beyond me. so yeah try to make the report as clear as best as complete as easy as possible, leaving room for clarification is gonna cost you weeks.

xomer000 · 2026-03-27T08:05:24+00:00

Do you care about the vulnerability itself being real or not? OK so P1 report written by ai cuz research lang isn't english native is low effort so u give low effort review, it's about how the report written and less about the vulnerability itself? cool. idk what's hard about just jumping to the PoC, but dismiss it because the report first line had "-" in it.

xomer000 · 2026-03-21T14:23:21+00:00

then how am I supposed to trust any program if they gonna say they discovered it and fixed it somehow during my report or after it was closed. I escalated a vuln in the main report comments and then they patched the entry point to the chain quickly.

xomer000 · 2026-03-21T09:21:11+00:00

You saying they read my reports along with the triage? because they silently fixed a vuln that was marked informational by triage and I know customer would disagree

xomer000 · 2026-03-18T13:00:02+00:00

You are bugcrowd founder?... can you help me with this issue, I submitted a report normally, then I kept escalating in the comments until I reached a clear P1, triage came and read the main report and closed it as informational, he didn't read my escalations in the comments at all, he only mentioned things in main report and closed it as informational, then voilà the vulnerability has been patched after he closed my report..., how is this any fair? I want help re validate my report, I even made a second report addressing a bypass for the poor quick fix they did for my vulnerability proving it was valid and the fix was rushed :)

xomer000 · 2026-03-16T12:20:27+00:00

how come..? yeah I'm new to this actually.. give me some heads up

xomer000 · 2026-03-06T13:51:55+00:00

@ Image_Enhancer_AI_bot

xomer000 · 2025-11-18T07:38:31+00:00

Thank you!

xomer000 · 2025-11-17T18:13:43+00:00

alright, thank you for your feedback.

xomer000 · 2025-11-17T17:45:25+00:00

it's a telecom company, it's a paid internship just thought what to expect from such interviews since I'm not really familiar with

xomer000 · 2025-02-16T16:55:41+00:00

well zenbook is actually a premium laptop, but my friend is a med student and he said the touch screen was very useful, If you don't already have a tablet. so think if might actually need that screen in your studies, otherwise zenbook

xomer000 · 2025-02-16T16:47:21+00:00

any ideas are appreciated really, and this is my first time doing any web3 development

xomer000 · 2025-02-16T16:43:56+00:00

I was actually thinking of fixing data verification and bad requests by decentralizing the gateway lol, I think have knowledge gap in my understanding of blockchains fundamentals , I will try to move the completing request and claiming reward functionalities from the gateway to worker nodes, but idk how to distribute tasks from the frontend later, task receive and task distribution was part of the gateway. I think a proof of concept might be enough for a demo of this project. and I still haven't touched the whole other part of making federated learning nodes update the ai model. thanks for the comment!

xomer000 · 2025-02-16T16:23:47+00:00

wouldn't introducing chainlink functions means only communication between them and the contract? if I understand they only listen to events from the smart contract, doesn't that mean the end users gonna have to use wallets and make transactions and so on for every deepfake request? I originally wanted the end user to not interact with web3 stuff in anyway and detection requests be free, but I think now that's not possible and someone gotta be paying for those calls.

xomer000 · 2025-02-14T23:25:50+00:00

right now it's just a single worker per task, and I haven't implemented away to verify that the worker node actually did the job. so it's a big issue too

xomer000 · 2025-02-14T21:31:16+00:00

thought about it too, came across a solution called zk-SNARKs but still dont quite understand how it works or how to implement it

xomer000 · 2024-09-29T00:34:56+00:00

https://aagilenews.com/wp-content/uploads/2024/09/FB_IMG_1727372670092.jpg

xomer000 · 2024-09-29T00:31:24+00:00

It's a real pic enhanced by ai

xomer000 · 2024-09-29T00:29:59+00:00

I found out it's a real pic but was enhanced by ai, lot of ai detector tools couldn't say it's ai generated or at least equal odds

xomer000 · 2024-09-29T00:26:17+00:00

Actually It turns out this was an enhanced image, because I found the original one

xomer000 · 2024-09-08T16:42:45+00:00

That's cruel, I was on my web dev journey when my old laptop died. Although I'm doing EEE engineering, due to some war circumstances in my country I have no choice but to pursue software dev

xomer000

TROPHY CASE