Suggestion: seeing used contact for a report
Posted: Thu Jan 16, 2020 5:13 pm
Hello,
Sometimes it is hard to find a valid contact to report a vulnerability.
So I take one I found, try it and if I don't get any response after several days I try another one and so on.
But due to many vulnerabilities and it is impossible to remember all used contacts.
With U.S. universities I may have luck with some (security@, infosec@, iso@, cybersecurity@, soc@, its@, itsecurity@, cert@ and more) but again it is hard to remember every attempt.
It will be great to see the list of additional contacts that were used for a report (this information will only appear for the researcher that submitted the flaw)
Sometimes it is hard to find a valid contact to report a vulnerability.
So I take one I found, try it and if I don't get any response after several days I try another one and so on.
But due to many vulnerabilities and it is impossible to remember all used contacts.
With U.S. universities I may have luck with some (security@, infosec@, iso@, cybersecurity@, soc@, its@, itsecurity@, cert@ and more) but again it is hard to remember every attempt.
It will be great to see the list of additional contacts that were used for a report (this information will only appear for the researcher that submitted the flaw)