0

I've discovered a bug in an order page from big American company in April 2017.

I've reported the bug to said company and they haven't done a thing, I email them from time to time but the bug is still there and they haven't done nothing related to the bounty.

What should I do? Report the bug publicly or wait? They keep replying that the bug is being remediated for the last 9 months.

Thanks in advance.

R. Jay
  • 1
  • 1
  • This looks like a duplicate of [Where to publicly report a vulnerability, after developer ignores it?](https://security.stackexchange.com/questions/130961) and [What to do about companies that refuse to fix their security vulnerabilities](https://security.stackexchange.com/questions/25001). But it is kind of unclear what you are asking: the body suggests that you are interested in having the bug fixed but the title and tag suggest that you are mainly interested in getting a bug bounty for it. – Steffen Ullrich Jan 05 '19 at 10:31
  • Thanks for the reply. It's a bit of both, it would be very useful for me to have a the bounty career wise but also want to have the bug addressed as soon as possible. – R. Jay Jan 05 '19 at 12:19

0 Answers0