New idea: a website which allows people to submit anonymously (or not) vulnerability found in websites. What do you think?
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
https://www.openbugbounty.org/ no bounty involved (despite the name of the website)
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
Perhaps to also add a reasonable disclosure timing to make sure the vendor actually takes action to the disclosure. There's just too many times vendors take not action, opening the risk of their users to exploitation
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
...um why would someone give away 0days for free? :/ if the endpoint doesnt have a bounty there is usually some blackhat on .onion that’ll toss some XMR your way for a flaw
-
@drefanzor Sometimes when security researcher reach out to vendors on responsible disclosure, they received a cease and desist instead of commendation letter. I see website able to mitigate that risk away
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.