←back to thread

XBOW, an autonomous penetration tester, has reached the top spot on HackerOne

(xbow.com)
283 points summarity | 1 comments | 24 Jun 25 15:53 UTC | HN request time: 0.001s | source
Show context
mkagenius ◴[24 Jun 25 18:19 UTC] No.44369114[source]
> XBOW submitted nearly 1,060 vulnerabilities.

Yikes, explains why my manually submitted single vulnerability is taking weeks to triage.

replies(2): >>44369323 #>>44374572 #
tptacek ◴[24 Jun 25 18:37 UTC] No.44369323[source]
The XBOW people are not randos.
replies(1): >>44369375 #
lcnPylGDnU4H9OF ◴[24 Jun 25 18:40 UTC] No.44369375[source]
That's not their point, I think. They're just saying that those nearly 1060 vulnerabilities are being processed so theirs is being ignored (hence "triage").
replies(1): >>44369411 #
tptacek ◴[24 Jun 25 18:43 UTC] No.44369411[source]
If that's all they're saying then there isn't much to do with the sentiment; if you're legit-finding #1061 after legit-findings #1-#1060, that's just life in the NFL. I took instead the meaning that the findings ahead of them were less than legit.
replies(3): >>44369640 #>>44369966 #>>44370374 #
1. lcnPylGDnU4H9OF ◴[24 Jun 25 19:24 UTC] No.44369966{3}[source]
> there isn't much to do with the sentiment

I see what you're saying but I think a more charitable interpretation can be made. They may be amazed that so many bug reports are being generated by such a reputable group. Looking at your initial reply, perhaps a more constructive comment could be one that joins them in excitement (even if that assumption is erroneous) and expanding on why you think it is exciting (e.g. this group's reputation for quality).