Hacker News

«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I thought companies specifically deny usage of automated tools. A bit too late, eh…?



They acknowledge that in the article and all submissions are human reviewed before they are submitted.


The policies state it’s not allowed to use automated tools, not to submit reports using automated tools alone. Human review does not really change that.


If a human reviewer can repro the bug, there is no difference between an automated or human-found bug.

Bug works and is repro - as a software owner, do you care if a human or AI found it?


I cannot answer for all the program owners, but I imagine that there are other concerns than reproducibility.



