1 point
In a world where nobody writes perfect code or keeps up with applying patches for known vulnerabilities, there exist people who try to warn others. Sometimes lauded as heroes of the internet, other times treated like outlaws, this is a place to post the best & the worst of vulnerability disclosure related experiences. Whether you're a finder, coordinator, or receiving party to vuln disclosure, there is much to discuss in this often misunderstood space.
1 point
My favorite is still this one: I disclosed a number of vulns, including their private keys to the production environment and an exposed vulnerable router via SSRF. "Thanks, but why?"
1 point
Let's start with the light (dark?) side of vulnerability disclosure: The Pwnie Awards. 🦄 There's still time for a nomination for Lamest Vendor Response! Enter here: https://docs.google.com/forms/d/e/1FAIpQLSfZlVxAuoMaHgZVrzNWREccbqXrJcqIST_4Z2F12a3VbqfJhg/viewform