Triaging reports can be tough and repetitive work. Here are some simple steps that can boost your triaging efficiency and make your life easier.
The bug-bounty-responses repository is a collection of response templates for invalid bug bounty reports. Loaded into fransr's template-generator, it lets you answer low-quality reports in a few clicks instead of writing the same explanation by hand, so that your time goes to the high and critical severity reports instead.
$ git clone https://github.com/fransr/template-generator.git
$ git clone https://github.com/EdOverflow/bug-bounty-responses.git
$ cp -a bug-bounty-responses/tpls/. template-generator/tpls/
$ cd template-generator
$ php -S localhost:8000
The last command starts PHP's built-in web server; open http://localhost:8000 in a browser to pick and fill in a template.
To make your life easier, set up a tool that monitors incoming reports for keywords commonly associated with invalid reports, and then sends an automated response when enough of them are detected. Tune the threshold conservatively: a keyword match is a hint that a report is probably out of scope, not proof that it is, so anything near the threshold should still get a human look before it is closed. You can see a keyword trigger in action in this report. Can you guess what the keyword was?
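A minimal version of such a keyword trigger, added here as an example (it is not code from Bug Bounty Guide or from either repository above). The keyword list, the weights, the escalation terms and the three sample reports are all constructed for the example; a real program would build the list from the phrases that actually recur in its own invalid reports. Weighted phrases feed a score, and a small set of "escalation" phrases forces manual review even when the score is high, which is the guard that keeps the tool from auto-closing a real finding that happens to mention an out-of-scope issue in passing.

```python
import re
from dataclasses import dataclass, field

# Constructed keyword list (an assumption for this example, not the page's):
# phrases that frequently appear in reports programs mark as out of scope.
# Weights let one strong signal count more than several weak ones.
INVALID_KEYWORDS = {
    "clickjacking": 2,
    "missing spf record": 2,
    "missing dmarc record": 2,
    "self xss": 2,
    "version disclosure": 1,
    "no rate limit": 2,
    "logout csrf": 2,
    "httponly flag": 1,
    "secure flag": 1,
}

# Phrases that suggest real impact; their presence forces manual review
# even when the keyword score is high (also constructed for this example).
ESCALATION_TERMS = ("account takeover", "remote code execution", "sql injection")


@dataclass
class Triage:
    score: int = 0
    matched: list = field(default_factory=list)
    escalated: bool = False
    decision: str = "manual"  # "manual" or "auto-respond"


def _normalise(text: str) -> str:
    # Lower-case and collapse hyphens, underscores and whitespace so that
    # "Self-XSS", "self_xss" and "self xss" all become the same token run.
    return re.sub(r"[\s\-_]+", " ", text.lower())


def triage_report(title: str, body: str, threshold: int = 3) -> Triage:
    """Score a report against the keyword list and decide how to route it."""
    text = _normalise(f"{title} {body}")
    result = Triage()
    for phrase, weight in INVALID_KEYWORDS.items():
        # \b on both sides keeps "secure flag" from matching inside other words.
        if re.search(rf"\b{re.escape(phrase)}\b", text):
            result.score += weight
            result.matched.append(phrase)
    result.escalated = any(term in text for term in ESCALATION_TERMS)
    if result.escalated:
        result.decision = "manual"        # impact claimed: a human must read it
    elif result.score >= threshold:
        result.decision = "auto-respond"  # enough out-of-scope signals
    return result


# Constructed sample reports (title, body) used to exercise the trigger.
SAMPLE_REPORTS = [
    ("Clickjacking on /login",
     "The /login page is missing the X-Frame-Options header. "
     "I also found Self-XSS in the profile name field."),
    ("No rate limit on /login",
     "There is no rate limit on the login form, which leads to account takeover."),
    ("IDOR in /api/invoices",
     "Changing the invoice id returns another customer's invoice PDF."),
]


def triage_samples() -> list[str]:
    """Route every sample report and return the list of decisions."""
    return [triage_report(title, body).decision for title, body in SAMPLE_REPORTS]


if __name__ == "__main__":
    for (title, _), decision in zip(SAMPLE_REPORTS, triage_samples()):
        print(f"{decision:13} {title}")
```

The second sample shows why the escalation list matters: "no rate limit" alone would be a candidate for a canned reply, but the report also claims account takeover, so it is routed to a person. The third scores zero because nothing in it resembles a known invalid pattern, which is exactly the case a keyword filter must never touch.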
Most bug bounty platforms incorporate some sort of reputation system whereby highly-skilled hunters can demonstrate their skill in terms of points and/or ranking. Checking the hunter's reputation while triaging is a useful sanity check on your own verdict: if someone near the top of the platform's leaderboard reports an issue you are about to mark invalid, it is more likely that you have missed something than that they have, so re-read the report and try to reproduce it before closing it. Treat reputation as a prior rather than proof, though; it should change how carefully you look at a report, not replace reproducing it.
Get to know the hunters! You can apply to join Bug Bounty Forum or Bug Bounty World, or simply follow hunters on Twitter. Getting to know the individuals on the other side of the playing field will almost certainly change the way you triage: not only will you recognise the hunter reporting an issue to your program, you are also more likely to approach the report assuming good faith. On a side note, this point also includes understanding what the other side does, so make sure to read the hunters' sections here on Bug Bounty Guide.