nanog mailing list archives
Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now?
From: Brie <bruns () 2mbit com>
Date: Wed, 2 Mar 2022 15:30:29 -0700
I just got this in my e-mail... ------ From: xxxxxxx <xxxxxxxxxx6 () iqra edu pk> Date: Thu, 3 Mar 2022 03:14:03 +0500 Message-ID: <xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx () mail gmail com> Subject: Found Security Vulnerability To: undisclosed-recipients:; Bcc: sxxxxxxxxx () ahbl org Hi Team I am a web app security hunter. I spent some time on your website and found some vulnerabilities. I see on your website you take security very passionately. Tell me will you give me rewards for my finding and responsible disclosure? if Yes, So tell me where I send those vulnerability reports? share email address. Thank you Good day, I truly hope it treats you awesomely on your side of the screen :) xxxxx Security ------Is soliciting for money/rewards when the site makes no indication they offer them a common thing now?
If you want to see a copy of the original message, let me know off list and I'll send it to you.
-- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org / http://www.ahbl.org
Current thread:
- Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Brie (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Kieran Murphy (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Valdis Klētnieks (Mar 02)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Denys Fedoryshchenko (Mar 04)
- Re: Is soliciting money/rewards for 'responsible' security disclosures when none is stated a thing now? Aaron de Bruyn via NANOG (Mar 04)