Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Friday, 10-Jan-2025 03:16:47 JST Jan Wildeboer 😷:krulorange:
FTR. I still believe in #ResponsibleDisclosure with a 90 day limit after the first acknowledged receipt. If the company/government/organisation won't move 90 days after they've acknowledged receiving your info, you should be free to go public.
Uckermark MacGyver :nonazi: (maxheadroom@hub.uckermark.social)'s status on Friday, 10-Jan-2025 03:42:35 JST Uckermark MacGyver :nonazi:
@jwildeboer what if they don't ACK?
SpaceLifeForm (spacelifeform@infosec.exchange)'s status on Friday, 10-Jan-2025 04:01:06 JST SpaceLifeForm
If it is closed source and $VENDOR stonewalls, what other option is there besides leaking?
SpaceLifeForm (spacelifeform@infosec.exchange)'s status on Friday, 10-Jan-2025 04:12:42 JST SpaceLifeForm
Yes. I was referring to post 90 days.
If they confirm the problem, but say they need more time, how long do you give them?
Say, another 3 months. Then, if they replay the same movie, it will become clear they do not want to fix. Possibly because the exploit is being used for profit.