561 points by bearsyankees | 2 comments

xutopia (No.43965126)
That's crazy to not have responded to his repeated requests!
replies(3): >>43965190, >>43965227, >>43965306

benzible (No.43965190)
As someone managing a relatively low-profile SaaS app, I get constant reports from "security researchers" who just ran automated vulnerability scanners and are seeking bounties on minor issues. That said, it's inexcusable - they absolutely need to take these reports seriously and distinguish between scanner spam and legitimate security research like this.

Update: obviously I just skimmed this, per responses below.

replies(3): >>43965283, >>43965303, >>43965441

bee_rider (No.43965283)
It sounds like they actually met with him, patched the issues, and then didn’t respond afterwards. IMO that is quite rude of them toward him, but they do seem to have taken the issue itself somewhat seriously.
replies(1): >>43965404

benzible (No.43965404)
Ah, sorry, I need to actually read things before I react :)