(reason: 550 5.4.1 [security@lastpass.com]: Recipient address rejected: Access denied) 
-
Replying to @taviso
Are bug bounty platform terms regarding disclosure the reason you don't want to report via the platform? Genuinely curious. You aren't the 1st researcher who feels this way if so. It's a reason I advise companies not to require any form of NDA-like terms. https://www.lastpass.com/security
4 replies 6 retweets 62 likes -
Replying to @k8em0
Yes, I refuse to agree to terms before reporting a vulnerability. I prefer email, they're still free to not read my reports if they like.
2 replies 13 retweets 127 likes -
What are your terms/time frame when reporting something privately?
2 replies 0 retweets 0 likes -
No terms or obligations. It's like saying you're going to make a truthful, verifiable and reproducible claim about a product, but willing to give the vendor a short window to make changes first if they wish to do so. No requirement to act if they don't want to or don't care.
1 reply 0 retweets 6 likes -
Bit of a noob about this type of disclosure, but these companies say that they will not take legal action if you follow the bug bounty terms. Are they allowed to do so if you report privately and disclose before fix?
1 reply 0 retweets 0 likes
You can sue anybody for anything.