I have disclosed this issue on the huntr.dev platform. Supposedly, maintainers with write access to the repository should be able to see the details in the following private submissions: https://huntr.dev/bounties/2469c3af-088c-468e-a37f-d35c01256d2f/. Source: almost 2 years ago
This update includes many QoS improvements for the app. The important one is fixing some critical security bugs. Thanks to Huntr.dev and their researchers for helping with testing and reaching out to notify us of the vulnerability. Source: almost 2 years ago
https://issuehunt.io/issues https://www.bountysource.com/ https://huntr.dev/ Taken from https://www.google.com/search?client=firefox-b-d&q=open+source+bounty. - Source: Hacker News / about 2 years ago
About a month back, I reported what I think is a security issue in the tensorflow/models repository. I disclosed this bug via huntr.dev as they had previous submissions to the repository. The security policy of the repository states that the security team gets back within 24 hours but it's been a month and I haven't heard back from them. The members at huntr.dev were kind enough to leave the following comment but... Source: over 2 years ago
Currently, on huntr.dev, a user submits the report directly to the maintainer. The maintainer will then choose to mark it as valid or as invalid. When marking as valid, the maintainer receives a disclaimer that by clicking valid they agree that: 1) the security issue is valid and that 2) huntr may assign a CVE for the repository. So no, there was no automatic process that got triggered when the maintainer merged a... Source: over 2 years ago
https://huntr.dev is an open source project with goals of funding vulnerability finding in open source. They also have a pretty nice responsible disclosure workflow. Source: almost 3 years ago
I think you'll be a lot better off targeting random open source apps and trying to write exploits based off of your findings there. You could also even make some money during the process via a site like https://huntr.dev/. Source: almost 3 years ago
I'm a staff member at huntr.dev, a bug bounty platform with an open scope across open source code repositories. We have had multiple educational content submissions from our community and I thought the community here would enjoy them :). Source: about 3 years ago
You can try out https://huntr.dev/, they provide cheap bounties for open source repositories on GitHub. You might want to avoid the "suggested" repositories that are mostly just libraries for other projects. Instead, do a little OSINT or search for open-source personal applications (calendars, finance tools, stuff that is meant to be run locally, personal projects, etc.). Source: over 3 years ago
Somewhat similar is https://huntr.dev. - Source: Hacker News / over 3 years ago
Check out https://huntr.dev for open source security, it's an awesome initiative!! Source: over 3 years ago
This is an informative page about Huntr by 418sec. You can review and discuss the product here. The primary details have not been verified within the last quarter, and they might be outdated. If you think we are missing something, please use the means on this page to comment or suggest changes. All reviews and comments are highly encouraged and appreciated as they help everyone in the community to make an informed choice. Please always be kind and objective when evaluating a product and sharing your opinion.