I once talked about bug bounty platforms and warned the community about them.
There are deeper issues with these platforms:
Platforms are paid by vendors, so they listen to vendors. A lot of these vendors abuse the platform to silence offensive-security researchers, and the platforms don't care.
➡️ My recommendation remains ⬅️
- contact vendors directly via email
- use your national CERT for escalations
If you're in Europe, you're in luck: from 2027 the Cyber Resilience Act (CRA) will make it mandatory to have a responsible disclosure process, so European vendors have to answer to the national CERT (or get fined).
#PenetrationTesting #pentesting #responsibledisclosure #infosec #cybersecurity #CRA #CyberResilienceAct