Quote:
Originally Posted by AlienQ
OK Fris...
So Ya speak to Greg a very decent guy and decide to expose a cheap server side security flaw of a web application?
Ya knew about the security issue beforehand and the professional thing to do is post the info on a public board?
You're definitely a guy that cannot be trusted.
No questions asked.
|
Actually that's the established and accepted method of bug reporting. Notify the company privately, and if they don't fix it in a reasonable amount of time, make the bug public so they have to fix it. It's far better to embarrass the company into fixing the bug than to have someone less reputable discover the bug and be free to exploit it indefinitely.
__________________
"Every normal man must be tempted, at times, to spit on his hands, hoist the black flag, and begin slitting throats."
--H.L. Mencken