Hello!
When reporting an incident we already got to choose, whether to post it publicly, without any technical details, or to post it secretly, with the technical details disclosed - another option, combining both would, be really nice.
I think many people would mistake an email from the website as SPAM and won't react. Maybe this could be changed, if we gave those people a possibility to verify or findings, by providing them with the actual PoC.
Shouldn't be to hard to implement. Additionaly to the public URL, with the technical details hidden, just generate a secret URL to be sent with the email notifying the website owner.
I'd really appreciate the implementation of this, since it could help eliminating thoughts about our reports being some kind of SPAM or blackmail.
Option to disclose vulnerability to webmaster
Re: Option to disclose vulnerability to webmaster
You can provide details after webmaster contacted with youMitRauch wrote: ↑Thu Feb 15, 2018 10:05 pmHello!
When reporting an incident we already got to choose, whether to post it publicly, without any technical details, or to post it secretly, with the technical details disclosed - another option, combining both would, be really nice.
I think many people would mistake an email from the website as SPAM and won't react. Maybe this could be changed, if we gave those people a possibility to verify or findings, by providing them with the actual PoC.
Shouldn't be to hard to implement. Additionaly to the public URL, with the technical details hidden, just generate a secret URL to be sent with the email notifying the website owner.
I'd really appreciate the implementation of this, since it could help eliminating thoughts about our reports being some kind of SPAM or blackmail.
We can't send emails with any details or link to open details
Who is online
Users browsing this forum: No registered users and 2 guests