@attritionorg do you think it would be worthwhile to make an 'international do not disclose to' list of companies? (cc @mrb0t)
@attritionorg a list of places that either flat out ignore researchers disclosing things, or act maliciously (legal threats etc)
@Viss we already maintain the legal threats. ignoring researchers would be interesting. make a better OSF project than Errata
@attritionorg cool! Thanks for the input! @mrb0t was having some infosec rage today with someone ignoring him.
@Viss could possibly crowd source it via a mail list and a template w/ helpful info
@attritionorg so that if someone finds something, they have a go-to place to see if it's worth disclosing it to the org or not.
@Viss @attritionorg wouldn’t that potentially lead to the risk of people not disclosing to a company that saw the errors of its ways?
@fl1bbl3 @attritionorg depends on the outcome, and the org's willingness to make good. Also, it's a system that would require followups.