
In a world where nobody writes perfect code or keeps up with applying patches for known vulnerabilities, there exist people who try to warn others. Sometimes lauded as heroes of the internet, other times treated like outlaws, this is a place to post the best and the worst of vulnerability-disclosure-related experiences. Whether you're a finder, coordinator, or receiving party to vuln disclosure, there is much to discuss in this often misunderstood space.


I reported one to a major cloud provider and their response was to state that:

1. The vulnerability did exist but had been closed in 2014.

2. My own email must have been hacked.

Well, I hope that it wasn't #2, but I found it by accident in 2017...

Yes, they are a household name and so big it's impossible to get to the right team (I even have email header evidence). Oh well, it's fixed for me at least.

Oh, another one from a *looooong* time ago was with a major lock manufacturer: if you nmapped their lock control server it rebooted and, err, unlocked all the connected locks (for H&S reasons).

We tried to get them to fix it; they ignored us, then asked us if we were threatening them...

We buried the system deep with a single machine on a dedicated VLAN eventually.


My personal favorite is when they don't respond. You know they got the notification, the issue is quietly fixed (or not, lol), and nothing...


Hey folks, 

What are some of the best practices an organization should have when it comes to running an effective vuln disclosure program?
