How about combining reward splitting with having some way to show a count of recent submissions (no details, just count), so people know before submitting that there is a chance someone else already submitted the issue.
Or a mechanism for companies that use email to register the researchers submissions in HackerOne. The details will be sealed and non-public, with researchers having no way to know it exists unless the company provides a link to it as proof of work. HackerOne thus acts as a kind of notary against accusations from researchers that it wasn’t really a duplicate.
Or a mechanism for companies that use email to register the researchers submissions in HackerOne. The details will be sealed and non-public, with researchers having no way to know it exists unless the company provides a link to it as proof of work. HackerOne thus acts as a kind of notary against accusations from researchers that it wasn’t really a duplicate.