Hi, I'm just curious:
If a researcher reports a xss and the website owner wants the report deleted (for any reason), whats your policy in this cases?
I mean, if a website owner contacts you to delete a report, do you delete it? Even if it is against the researcher will?
Best regards and congrats on the amazing platform you got here,
If a company wants a report deleted and the researcher wants to keep it, what happens?
-
- Posts:12
- Joined:Tue Mar 12, 2019 10:53 pm
Re: If a company wants a report deleted and the researcher wants to keep it, what happens?
be nice. it's the owners website... so if they dont want to have this information published that's fine for me.
you can ask admin for deleting details and just keep the meta record.
you can ask admin for deleting details and just keep the meta record.
-
- Posts:269
- Joined:Mon Apr 30, 2018 7:35 am
Re: If a company wants a report deleted and the researcher wants to keep it, what happens?
I always contact OBB via contact form to make the submissions as Private if website owners do not want to see the reports as Public..
After that, I inform the website owners regarding the old submission URL (it will produce 404 error page) and the new submission URL (it will contain secret URL).
After that, I inform the website owners regarding the old submission URL (it will produce 404 error page) and the new submission URL (it will contain secret URL).
Re: If a company wants a report deleted and the researcher wants to keep it, what happens?
If a company wants me to delete the report, I delete it ASAP, no questions asked.
Who is online
Users browsing this forum: No registered users and 2 guests