Hey there! Part of my job is keeping the Web Bug Hall of Fame updated on our website. While this is easy for bugs that have gotten payouts (aka, bug-bounty+), it is painful to keep track of reports that warrant inclusion in the bug bounty HoF and yet aren't eligible for a bounty. While we do have a spreadsheet that we can track these things in, it would be great to have an easily searchable canonical source of truth. It will also allow us to track the rare cases where somebody wants the bounty, but doesn't want to be included in the HoF. (flag name) hall-of-fame (or bug-bounty-hof, if people think that is better) (flag description) Flag is used to track whether the bug report is eligible for inclusion in the Bug Bounty Hall of Fame. (products/components) Same components as the "bug-bounty" flag applies to (applies to) Bugs, not attachments (is requestable) No (requested from a specific person) No, although it should only be allowed to be set by the same people that can set bug-bounty Anyways, overall, if you could just make it work exactly like bug-bounty, that would be amazing. Thank you so much!
I like where this is headed... Some additional items to consider: - The current flag for bounty is "sec‑bounty", any objections to "sec-hof" or "sec-bounty-hof"? I only say that because it could be presumptive to assume we are the only hall of fame across all of BMO. - A point of clarification on who can set it. It should be restricted to only those that can set sec‑bounty+, because I believe anyone can nominate with sec‑bounty? in the current setup.
For ease of search, I'd also prefer sec-bounty-hof or some other string including "sec-bounty" because that's a search term that is consistent across the bounty program.
The flag type sec-bounty-hof has been created.
Looks great, thank you so much! This will save my team a ton of time in the future! dkl++