lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu Oct 6 06:09:37 2005 From: offtopic at mail.ru (offtopic) Subject: Websites vulnerabilities disclosure Hi List. I need your opinion. Recently I found multiply vulnerabilities in several sites. some sites behold to security-related firms but not software vendors. I'm trying to contact that companies under rfpolicy several times but don't receive any response on receive something like "what injection your talking about?". I want to know - is it "ethical" to use standard vulnerability disclosure policies to public websites? Which fird-party can't be user as coordinator, like CERT/CC? Or in other worlds - who should care about Web-sites security? Thank you. (c)oded by offtopic@...l.ru