Penetration Testing mailing list archives

Re: Things to do before vulnerability disclosure


From: Anthony Cicalla <anthony.cicalla () gmail com>
Date: Mon, 15 Jun 2009 18:32:59 -0700

Um, contact the vendor of the product as long as you tested it on your
own network or you had permission to test and find the vulnerability
on the network or host you found it on. If you contact the vendor 3
times and they do not respond regarding the issue then I have no issue
with posting it to full disclosure to bring attention to the issue to
force the vendor to resolve it or get their application moved to a not
usable software as a result of the vulnerability. But that's just my
opinion.

Anthony

On Mon, Jun 15, 2009 at 11:10 AM, Giuseppe Fuggiano <giuseppe.fuggiano () gmail com> wrote:
Hi list,

What are, if any, the legal and "ethical" things to do before someone
could publicly disclose a given vulnerability?

--
Giuseppe

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------





-- 
Anthony,
