
560 points bearsyankees | 1 comments
edm0nd No.43965336
> I have been met with radio silence.

That's when it's time to inform them you are dumping the vuln to the public in 90 days due to their silence.

hbn No.43965374
That's more of a punishment to innocent users than the business
nick238 No.43965519
Disclosure is good for the 'innocent users' as they are made aware that their data may have been leaked (who knows if the company can do the sufficient auditing and forensics to detect total scraping), rather than just being oblivious because the company just didn't bother to tell them.
1. kube-system No.43966247
> Disclosure is good for the 'innocent users' as they are made aware that their data may have been leaked

Presuming perfect communication which is never the case for security vulnerabilities on a consumer application.