Full Disclosure mailing list archives
Re: Fw: Earth to Facebook
From: upsploit advisories <upsploitadvisories () upsploit com>
Date: Sun, 18 Mar 2012 21:27:16 +0000
We don't just send the initial advisory... I guess I need to make the website slightly more informative!

After the initial contact we have (currently) a 6 month disclosure policy. We send an email every month, in the final month once a week and in the final week once a day. This email is automatically generated and includes information about how long is left, how many emails we have sent etc.

Please note that the 6 months is being changed to 1 month without contact 3 month fix (case by case) in the near future.

Thanks

On 18 March 2012 21:24, Thor (Hammer of God) <thor () hammerofgod com> wrote:
Why not just provide them with the contact and they can forward it on directly? Then you could obviate the entire trust issue…

t

From: full-disclosure-bounces () lists grok org uk [mailto: full-disclosure-bounces () lists grok org uk] On Behalf Of upsploit advisories
Sent: Sunday, March 18, 2012 1:56 PM
To: Michal Zalewski
Cc: full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Fw: Earth to Facebook

The only other people that see the vulnerability are the select few in upSploit.

However if the vendor is already in the upSploit database the advisory gets submitted straight away to the vendor.

If you want to try it out there should be an upSploit vendor in the vendor list. Submit some advisories there.

There is no ploy - like anything it is about trust. I created the service because when I first started I found it hard to find contacts sometimes. Use it if you want, don't if you don't. Simple as that really!

Use it once for something you may not care about too much and see how it works for you.

Thanks,

On 18 March 2012 20:22, Michal Zalewski <lcamtuf () coredump cx> wrote:

> Without meaning to advertise, that is one of the reasons upSploit was created - so that you could submit a vulnerability and then upSploit automatically sends to the vendor. This way you and your friend don't have to do any of the work on the disclosure.

I clicked around and don't see any obvious explanation; other than the reporter and the vendor, who else gets to see the submissions and under what circumstances?

/mz