Re: Things to do before vulnerability disclosure

[Geoffrey J Gowey <gjgowey () gmail com>]

Print out the note to them from a library, pick up note using gloves,  
put note in self sealing envelope (minus return address), put on self  
adhesive stamp, then mail note from a public box in another town.  Or  
you could email them and find out the hard way how much of a sense of  
humor their corporate security department has (read: lawsuit).

Sent from my iPhone

On Jun 15, 2009, at 11:10 AM, Giuseppe Fuggiano <giuseppe.fuggiano () gmail com 
> wrote:

> Hi list,
>
> What are, if any, the legal and "ethical" things to do before someone
> could publicly disclosure a given vulnerability?
>
> --
> Giuseppe
>
> --- 
> ---------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification  
> Review Board
>
> Prove to peers and potential employers without a doubt that you can  
> actually do a proper penetration test. IACRB CPT and CEPT certs  
> require a full practical examination in order to become certified.
>
> http://www.iacertification.org
> --- 
> ---------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------