HackerTrans
TopNewTrendsCommentsPastAskShowJobs

ponny

no profile record

Submissions

Show HN: Bugbop – a smaller bug bounty platform

bugbop.com
1 points·by ponny·hace 6 meses·7 comments

Shopify says remove Stripe billing or get booted from their app store

624 points·by ponny·hace 5 años·225 comments

FB reporting tool goes to nowhere?

5 points·by ponny·hace 6 años·3 comments

comments

ponny
·hace 6 meses·discuss
Internal notes, yep. Will do this month :-)

Making the program "restricted" will mean that bug hunters have to apply (and do KYC if you turn that on). You'll be able to do what you propose but it'll also increase friction vs having submissions fully public.
ponny
·hace 6 meses·discuss
Fair questions.

The main differentiator to HackerOne is price and lower commitment (i.e. contracts). It's also a lot simpler in the UI as it's not chasing the big end of town and uses AI in a more integrated way. That said, Bugbop isn’t trying to replace HackerOne. It’s built for teams that won’t run a bug bounty otherwise.

Bypassing can be a problem but paying people overseas (and KYC) can be quite annoying. There's also less credibility without a 3rd party proving the bounties exist.

"Someone can copy you" was never going to be a moat. There's a lot more to a company than just the technical build. I'll just have to stay better than them :-)

I've priced Bugbop very competitively and making it free will be difficult with the payment processing fees.

Indisputable USP? That's hard. I think Bugbop is fairly unique in that it's a passion project of a long-time bug bounty program runner. I love this stuff and I'm happy to have a founder-to-founder calls about what bug bounty looks like in practice.
ponny
·hace 6 meses·discuss
Happy to answer any questions or just talk bug bounty/disclosure. I love both economics and security. Bug bounty sits at the intersection of these two.
ponny
·hace 5 años·discuss
In our app we use this as a simple way to notifiy the user of rare, exceptional errors. E.g. Network errors, being out of sync with the backend.
ponny
·hace 5 años·discuss
All. That's the issue they've got. It looks like we're going to have to hide it for anyone that comes in via the App Store.

Another problem is we've got 4 products and only one is listed on the Shopify app store. If they log in via product A's listing then buy product B, it seems we must use Shopify's billing for that too.
ponny
·hace 5 años·discuss
These aren't purchases via their app store (I don't know if you can even do that?). They're within our webapp using Shopify's billing API to buy stuff. The Shopify integration is just used for discovery (via their app store), login, installation, email integration, and of course billing.
ponny
·hace 5 años·discuss
Nah, we've had Stripe since 2013. Added Shopify billing in 2016 (which was a nightmare using their old API). We'll be too small for an exemption/wire transfer method.
ponny
·hace 6 años·discuss
Update: Submitted a copyright complaint to FB. Seems to have made the page go away now.
ponny
·hace 6 años·discuss
Update: This from Facebook just now...

We reviewed the profile you reported and found that it doesn't go against any of our Community Standards. If there's something specific on this profile that you think we should review (e.g. a photo), please report the content itself. We want to keep Facebook safe and welcoming for everyone, so thanks again for taking the time to report this.
ponny
·hace 6 años·discuss
Update: also friended my mum :-\