I'm thinking of creating a list of company websites for which I do not recommend the intervention of security researchers. The criteria to be included in this list are the following:
Lack of thanks for the work and time spent;
Lack of information when the vulnerability is fixed;
Lack of response to questions;
False promises of rewards just to get the information they wanted (personally I don't force anyone to give a reward, but don't like people who make fake promises just to obtain what they wish for);
Lack of a proper treatment when dealing with security researchers
The idea is to put a pastebin link with the list in my profile.
Since this is a community, I would like to know your opinion about this, if you agree or not.
I would also like to know from the administrator if there is any rule that is against this action.
Cheers
List of non-honorable mentions
- Posts:11
- Joined:Sat Sep 30, 2017 12:26 pm
Last edited by andrevcalvinho on Mon Dec 25, 2017 9:11 pm, edited 2 times in total.
Re: List of non-honorable mentions
uhm... hard to say... generally i don't like the idea of making a "blame-list" or so.
what would be the reaction? they will never ever even think about working with us when we're blaming on them.
- mcurietribute
- Posts:19
- Joined:Sun Aug 27, 2017 5:01 pm
Re: List of non-honorable mentions
We're better than that. You're better than that.
I understand the feeling you're getting though. I'm with you. But at the same time, it doesn't mean we should use our knowledge and capabilities for monetary gain or the expectation of such. It makes us no better than those that do.
We do this, as a community, to protect the end user.
We do this on our free time for the expectation of not receiving anything.
We do this to make the Internet a safer place.
At least that's what I've gotten from the time being involved in the Open Bug Bounty community.
I believe we should strive to keep it that way.
Re: List of non-honorable mentions
+1
mcurietribute wrote: ↑Wed Dec 27, 2017 5:45 am
We do this, as a community, to protect the end user.
We do this on our free time for the expectation of not receiving anything.
We do this to make the Internet a safer place.