Responsible Disclosure?

TandyUKServers
Posts: 2
Joined: Sun Jul 19, 2020 5:47 pm

Responsible Disclosure?

Post by TandyUKServers » Mon Jul 27, 2020 1:06 pm

So we had a user submit a vulnerability on one of the sites I manage.

This was on the 3rd day of our bounty program being in operation, so we received quite a few reports (of the same general thing) from a number of security researchers.

One in particular is accusing us of fixing "his" bug without giving credit (the bug was fixed as a result of the other notifications), and has subsequently posted a malicious review of the site in question on Trustpilot, which is going to have a clear detrimental impact on the business whose website was affected, until such time as the researcher removes it (assuming they do).

Is this considered acceptable and responsible behaviour for someone who uses this site?
Is it ok to effectively demand payment from someone in order to not post malicious reviews?

x1admin
Site Admin
Posts: 2910
Joined: Sun Nov 15, 2015 7:04 pm

Re: Responsible Disclosure?

Post by x1admin » Tue Jul 28, 2020 6:34 am

Please provide proof.

TandyUKServers
Posts: 2
Joined: Sun Jul 19, 2020 5:47 pm

Re: Responsible Disclosure?

Post by TandyUKServers » Tue Jul 28, 2020 7:21 am

The Researcher has now apologised and removed the review in question.

See comments on (private) OBB-1236479

Any way I can remove the negative rep I gave him as a result?
