Disclosure protection – DigitalMunition


This topic contains 0 replies, has 1 voice, and was last updated by BrianMiz 2 months ago.



    Has anyone ever made some sort of agreement or waiver that they’ve had signed before disclosing a vulnerability to a company?

    I’ve found a vulnerability with a publicly traded company and the API their app uses will let you view other user accounts (including the user’s SSN).

    I’ve handled disclosures with smaller companies that have had 40,000-500,000 users, but this one is a lot bigger and for some reason I feel nervous on this one.

    I didn’t know if it was worth trying to make sure I’m not seen as a bad guy.
