Hello,
Sometimes it is hard to find a valid contact to report a vulnerability.
So I take one I found, try it and if I don't get any response after several days I try another one and so on.
But due to many vulnerabilities and it is impossible to remember all used contacts.
With U.S. universities I may have luck with some (security@, infosec@, iso@, cybersecurity@, soc@, its@, itsecurity@, cert@ and more) but again it is hard to remember every attempt.
It will be great to see the list of additional contacts that were used for a report (this information will only appear for the researcher that submitted the flaw)
Suggestion: seeing used contact for a report
Re: Suggestion: seeing used contact for a report
added in to-do listdevl00p wrote: ↑Thu Jan 16, 2020 5:13 pmHello,
Sometimes it is hard to find a valid contact to report a vulnerability.
So I take one I found, try it and if I don't get any response after several days I try another one and so on.
But due to many vulnerabilities and it is impossible to remember all used contacts.
With U.S. universities I may have luck with some (security@, infosec@, iso@, cybersecurity@, soc@, its@, itsecurity@, cert@ and more) but again it is hard to remember every attempt.
It will be great to see the list of additional contacts that were used for a report (this information will only appear for the researcher that submitted the flaw)
Re: Suggestion: seeing used contact for a report
Expanding on this a bit, would it also be possible to show which contact attempts probably failed (bounce, invalid user, error, etc) and which attempt probably succeeded? Thank you.
Who is online
Users browsing this forum: No registered users and 2 guests