Security Basics mailing list archives
Re: Disclosure
From: Dennis Kudin <dennis.kudin () gmail com>
Date: Wed, 11 Feb 2009 23:54:05 +0200
Hi, As a first step, just send them a notification with description of the vulnerability and let them have some time to fix it. Try to get their response to make sure they received your message and understood it correctly. This is a normal practice. Why do you think they'll pursue you if you clearly show your good intentions and readiness to cooperate? -- Best regards, Dennis http://kudin.net -----Original Message----- From: Saphex <saphex () gmail com> Sent: Wednesday, February 11, 2009, 21:58:08 To: security-basics () securityfocus com, , Subject: Disclosure Hi, I have been wondering, how to disclosure vulnerabilities. If some corporate web site has a vulnerability, witch is the best approach to reveal that vulnerability to them? Without getting a lawsuit or something? Is there some law compliant way of doing it? Lets assume they didn't ask for the security *testing*. Best regards, saphex
Current thread:
- Disclosure Saphex (Feb 11)
- Re: Disclosure Adriel T. Desautels (Feb 11)
- Re: Disclosure Dennis Kudin (Feb 11)
- Re: Disclosure Saphex (Feb 11)
- Re: Disclosure Eitan Adler (Feb 12)
- RE: Disclosure Craig S Wright (Feb 12)