Security Basics mailing list archives

Re: Disclosure

From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Wed, 11 Feb 2009 15:24:36 -0500

Notify CERT and the company at the same time anonymously.


On Feb 11, 2009, at 2:58 PM, Saphex wrote:

Hi,

I have been wondering, how to disclosure vulnerabilities. If some
corporate web site has a vulnerability, witch is the best approach to
reveal that vulnerability to them? Without getting a lawsuit or
something?

Is there some law compliant way of doing it? Lets assume they didn'task

for the security *testing*.

Best regards,
saphex




        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com

Current thread:

Disclosure Saphex (Feb 11)
- Re: Disclosure Adriel T. Desautels (Feb 11)
- Re: Disclosure Dennis Kudin (Feb 11)
  - Re: Disclosure Saphex (Feb 11)
  - Re: Disclosure Eitan Adler (Feb 12)
- RE: Disclosure Craig S Wright (Feb 12)