Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Conversation

Notices

Embed this notice
Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Friday, 10-Jan-2025 03:16:47 JST Jan Wildeboer 😷:krulorange:

FTR. I still believe in #ResponsibleDisclosure with a 90 day limit after the first acknowledged receipt. If the company/government/organisation won't move 90 days after they've acknowledged receiving your info, you should be free to go public.

In conversation about 9 days ago from social.wildeboer.net permalink
- Embed this notice
  Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Friday, 10-Jan-2025 03:42:33 JST Jan Wildeboer 😷:krulorange:
  in reply to
  - Uckermark MacGyver :nonazi:
  @maxheadroom If they have an official security contact, the 90 days start after receipt of message. If they don't have any official method of contact publicly available, the 90 days start after a public warning?
  
  In conversation about 9 days ago permalink
- Embed this notice
  Uckermark MacGyver :nonazi: (maxheadroom@hub.uckermark.social)'s status on Friday, 10-Jan-2025 03:42:35 JST Uckermark MacGyver :nonazi:
  in reply to
  
  @jwildeboer what if they don't ACK?
  
  In conversation about 9 days ago permalink
- Embed this notice
  Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Friday, 10-Jan-2025 04:01:05 JST Jan Wildeboer 😷:krulorange:
  in reply to
  - SpaceLifeForm
  @SpaceLifeForm Publicly announce that you have a verified attack with a working and verified proof of concept and give a trusted way to be contacted within 90 days before publishing.
  
  In conversation about 9 days ago permalink
- Embed this notice
  SpaceLifeForm (spacelifeform@infosec.exchange)'s status on Friday, 10-Jan-2025 04:01:06 JST SpaceLifeForm
  in reply to
  
  @jwildeboer
  If it is closed source and $VENDOR stonewalls, what other option is there besides leaking?
  
  In conversation about 9 days ago permalink
- Embed this notice
  SpaceLifeForm (spacelifeform@infosec.exchange)'s status on Friday, 10-Jan-2025 04:12:42 JST SpaceLifeForm
  in reply to
  
  @jwildeboer
  Yes. I was referring to post 90 days.
  If they confirm the problem, but say they need more time, how long do you give them?
  Say, another 3 months. They if they replay the same movie then, it will become clear they do not want to fix. Possibly because the exploit is being used for profit.
  
  In conversation about 9 days ago permalink
- Embed this notice
  Jan Wildeboer 😷:krulorange: (jwildeboer@social.wildeboer.net)'s status on Friday, 10-Jan-2025 04:12:42 JST Jan Wildeboer 😷:krulorange:
  in reply to
  - SpaceLifeForm
  @SpaceLifeForm 90 days starting latest after the acknowledgement that the problem exists and is reproducible. No extensions, no discussions.
  
  In conversation about 9 days ago permalink

Public

Conversation

Notices

Feeds