So we had a user submit a vulnerability on one of the sites I manage.
This was on the 3rd day of our bounty program being in operation, so we received quite a few reports (of the same general thing) from a number of security researchers.
One in particular is accusing us of fixing "his" bug without giving credit (the bug was fixed as a result of the other notifications), and has subsequently posted a malicious review of the site in question on Trustpilot, which is going to have a clear detrimental impact on the business whose website was affected, until such time as the researcher removes it (assuming they do).
Is this considered acceptable and responsible behaviour for someone who uses this site?
Is it ok to effectively demand payment from someone in order to not post malicious reviews?
Responsible Disclosure?
Re: Responsible Disclosure?
Please provide proofs.
Re: Responsible Disclosure?
The Researcher has now apologised and removed the review in question.
See comments on (private) OBB-1236479
Any way I can remove the negative rep I gave him as a result?