Hello Qdrant Team,
I wanted to reach out regarding my two vulnerability reports (BBP-886 and BBP-887) that I submitted to your bug bounty program on June 8.
I have sent multiple follow-ups through your bug bounty channel requesting a status update, but unfortunately received no responses. I also escalated through your support channel, and received the same message confirming that my reports were received and are in "open" status. While I appreciate the confirmation, this information alone does not provide meaningful clarity on the investigation progress.
According to your published bug bounty disclosure policy:
Initial response within 5 business days
Triage completion within 5-7 business days
My request:
Could your support team help facilitate a follow-up with the security team on my behalf? I am requesting a substantive triage status update that includes:
Whether the vulnerabilities have been validated/triaged
Severity assessment (if determined)
Estimated timeline for fix implementation
Any additional information required from my end
I am genuinely interested in your program and would like to report additional vulnerabilities I have identified. However, I want to understand the process and timeline for these current reports before investing further time in identifying more issues.
I would greatly appreciate it if your team could help move this forward.
Thank you for your time and for running this bug bounty program.
Best regards,
Shervin