Also applies to many, many social interactions at work. Don't take other people's contributions for granted!
Yes, this is basic collegiality
But the point is to see researchers as professional colleagues, who are fundamentally on the same team as you, trying to make things more secure. Too many see vulnerability researchers as adversaries.
Hmm, I'm not sure I have any interest at all in hearing "congratulations", it's entirely the wrong response to me - it's like you left the vulnerability there as an exercise or challenge for me to find rather than a mistake.
Finding issues, especially ones that can be published, is often an important achievement, even career milestones. It's just that :) Finding bugs before attackers or production does is also worthy of positive reinforcement. I think it helps to flip the "bad news" bias.
I can confirm that @colmmacc actually does it, and it is very nice. And on the other side, if you send security issues, I'd like to suggest also being polite and constructive. Remember that building products is much harder than finding vulnerabilities.
+1 @colmmacc is great to work with on the "other side" of a disclosure process.
Applies to the flip side of reporting as well. I really appreciate Damian J's well explained responses when I report things to aws-security@amazon.com.


