Once a vulnerability is patched, program owners will often have the issue retested to help verify that the fix was successful. Researchers are uniquely positioned to complete this black-box retest to certify a complete fix. With a breakers-mindset, researchers are incentivized to complete the original reproduction steps and also work around the patch for further rewards (as defined by the program’s brief). Once a vulnerability is certified patched through a retest, customers can breathe a bit easier knowing the vulnerability is resolved.
Starting last month, select customers can request retests for submissions, which are then allocated to researchers to complete. We look forward enabling our customers and researchers to further work together and enable a secure software development lifecycle.
