(xbow.com)

283 points summarity | 1 comments | 24 Jun 25 15:53 UTC | HN request time: 0.209s | source

Show context

keisborg ◴[25 Jun 25 14:54 UTC] No.44378064[source]▶

«XBOW submitted nearly 1,060 vulnerabilities. All findings were fully automated, though our security team reviewed them pre-submission to comply with HackerOne’s policy on automated tools»

That seems a bit unethical. I’ve thought companies specifically deny usage of automated tools. A bit too late ey…?

replies(1): >>44378781 #

8200_unit ◴[25 Jun 25 16:01 UTC] No.44378781[source]▶

>>44378064 #

They acknowledge that in the article and all submissions are human reviewed before they are submitted.

replies(1): >>44379364 #

keisborg ◴[25 Jun 25 16:48 UTC] No.44379364[source]▶

>>44378781 #

The policies states it’s not allowed to use automated tools, not to submit report using automated tools alone. Human review does not really change that.

replies(1): >>44380544 #

slt2021 ◴[25 Jun 25 18:39 UTC] No.44380544[source]▶

>>44379364 #

if a human reviewer can repro the bug, there is no difference between automated or human found bug.

bug works and is repro - as a software owner, do you care if human or ai found it?

replies(1): >>44380724 #

1. keisborg ◴[25 Jun 25 18:56 UTC] No.44380724[source]▶

>>44380544 #

I cannot answer for all the program owners, but I imagine that there are other concerns than reproducibility

↑

XBOW, an autonomous penetration tester, has reached the top spot on HackerOne