7 days ago · Tech

I have been doing bug bounty since 2013. Back then, everything was manual. I used to write my exploits line by line, document every step, and build reports from scratch. It was not easy, and honestly, I did not enjoy writing reports, especially the complex ones. You had to simplify everything clearly to avoid endless back-and-forth during triage.

I have also been on the other side, managing bug bounty programs at companies I worked for. It was easy to tell who was serious and who was not. And to be honest, I learned a lot from good reports. People from all over the world come up with very creative approaches.

Now things are changing fast with AI. Skilled security engineers are becoming much more productive. AI helps a lot with code review, searching across different sources, and spotting patterns that lead to interesting vulnerabilities. But this only works well because they already understand what they are doing. They know what to ask, and how to ask it. Even report writing has…
