Hacker News

tecleandor yesterday at 6:41 PM

First:

> To bridge that gap, we started dogfooding XBOW in public and private bug bounty programs hosted on HackerOne. We treated it like any external researcher would: no shortcuts, no internal knowledge—just XBOW, running on its own.

Is it dogfooding if you're not doing it to yourself? I'd consider it dogfooding only if they were flooding themselves in AI-generated bug reports, not to other people. They're not the ones reviewing them.

Also, honest question: what does "best" mean here? The one that has sent the most reports?


Replies

jamessinghal yesterday at 6:51 PM

Their success rates on HackerOne seem widely varying.

  22/24 (Valid / Closed) for Walt Disney

  3/43 (Valid / Closed) for AT&T

inhumantsar yesterday at 11:38 PM

I think they mean dogfooding as in putting on the "customer" hat and using the product.

Seems reasonable to call that dogfooding considering that flooding themselves wouldn't be any more useful than synthetic testing and there's only so much ground they could cover using it on their own software.

If this were coming out of Microsoft or IBM or whatever then yeah, not really dogfooding.