p/general Share and discuss tech, products, business, startups, or product recommendations

How do you deal with "vulnerability scan" email spam?

•

12mo ago

As a solo founder it could be helpful to learn about a new security flaw in your application that you didn't know about. Only if they were helpful, of course. Often more than not I am getting emails about something that is not an issue. It won't even be an issue if my site had tens of XSS and users using IE 5. But I also don't want to discourage open researches that do exist somewhere. Do you have a bug bounty program? What are your terms?

Just ignore them all. My app doesn't have to worry about security

Reply, investigate but ignore if it's not touching PII / payment

50%

Fix everything you get, promote / reward researchers

50%

I am on no-code/low-code and ignore it

Haven't ever received anything like that

Replies

Best

Ilya Spike

startnew.app

I might have heard @alessio_mavica getting some spam during his launch of BaliBam 👀

Report

12mo ago

Alessio Boost Software Agency

BaliBam

@ilya_spike Yes, Ilya! I got two emails. I chose "Fix everything you get, promote / reward researchers". Even if I didn't pay anything. I don't have a bug bounty at the moment (yet). My suggestion is to reply and explain the situation. If you are pre-revenue, they generally are open to share the details anyway for free.

Report

12mo ago