Security Basics mailing list archives

RE: Disclosure

From: "Craig S Wright" <craig.wright () information-defense com>
Date: Thu, 12 Feb 2009 20:42:26 +1100

You can always be sued. Truth is a defense. It does not stop a suit however.

...
Dr. Craig S Wright GSE-Malware, GSE-Compliance, LLM, & ...
Information Defense Pty Ltd



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Saphex
Sent: Thursday, 12 February 2009 6:58 AM
To: security-basics () securityfocus com
Subject: Disclosure

Hi,

I have been wondering, how to disclosure vulnerabilities. If some
corporate web site has a vulnerability, witch is the best approach to
reveal that vulnerability to them? Without getting a lawsuit or
something?
Is there some law compliant way of doing it? Lets assume they didn't ask
for the security *testing*.

Best regards,
saphex

Current thread:

Disclosure Saphex (Feb 11)
- Re: Disclosure Adriel T. Desautels (Feb 11)
- Re: Disclosure Dennis Kudin (Feb 11)
  - Re: Disclosure Saphex (Feb 11)
  - Re: Disclosure Eitan Adler (Feb 12)
- RE: Disclosure Craig S Wright (Feb 12)