Security Basics mailing list archives

Re: Disclosure


From: Dennis Kudin <dennis.kudin () gmail com>
Date: Wed, 11 Feb 2009 23:54:05 +0200

Hi,

As a first step, just send them a notification with a description of the
vulnerability and let them have some time to fix it. Try to get their
response to make sure they received your message and understood it
correctly. This is a normal practice. Why do you think they'll pursue
you if you clearly show your good intentions and readiness to
cooperate?

--
Best regards,
Dennis
http://kudin.net

-----Original Message-----
From: Saphex <saphex () gmail com>
Sent: Wednesday, February 11, 2009, 21:58:08
To: security-basics () securityfocus com
Subject: Disclosure

Hi,

I have been wondering how to disclose vulnerabilities. If some
corporate web site has a vulnerability, which is the best approach to
reveal that vulnerability to them? Without getting a lawsuit or
something?
Is there some law-compliant way of doing it? Let's assume they didn't ask
for the security *testing*.

Best regards,
saphex


