Joshua Rogers on his bug bounty experiences in 2025.

Positive for #curl, Kafkaesque for all others mentioned. ‚BugCrowd‘ seems to be a typical level-1 support company living on denials.

(Joshua also reported on Apache and probably other projects where he could talk to the maintainers. I take #curl here as an example for FOSS projects interested in actually securing things.)

joshua.hu/2025-bug-bounty-stor…

#curl