Disclosure protection Home › Forums › Disclosure protection This topic contains 0 replies, has 1 voice, and was last updated by BrianMiz 2 months ago. Author Posts November 15, 2019 at 9:49 am #158865 BrianMizMember Has anyone ever made some sort of agreement or waiver that they’ve had signed before disclosing a vulnerability to a company? I’ve found a vulnerability with a publicly traded company and the API their app uses will let you view other user accounts (including the user’s SSN). I’ve handled disclosures with smaller companies that have had 40,000-500,000 users, but this one is a lot bigger and for some reason I feel nervous on this one. I didn’t know if it was worth trying to make sure I’m not seen as a bad guy. Author Posts You must be logged in to reply to this topic.