| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 18 Mar 2012 20:56:20 +0000
From: upsploit advisories <upsploitadvisories@...ploit.com>
To: Michal Zalewski <lcamtuf@...edump.cx>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Fw: Earth to Facebook
The only other people that see the vulnerability are the select few in
upSploit.
However if the vendor is already in the upSploit database the advisory gets
submitted straight away to the vendor.
If you want to try it out there should be an upSploit vendor in the vendor
list. Submit some advisories there.
There is no ploy - like anything it is about trust. I created the service
because when I first started I found it hard to find contacts sometimes.
Use it if you want, don't if you don't. Simple as that really!
Use it once for something you may not care about to much and see how it
works for you.
Thanks,
On 18 March 2012 20:22, Michal Zalewski <lcamtuf@...edump.cx> wrote:
> > Without meaning to advertise, that is one of the reasons upSploit was
> > created - so that you could submit a vulnerability and then upSploit
> > automatically sends to the vendor. This way you and your friend don't
> have
> > to do any of the work on the disclosure.
>
> I clicked around and don't see any obvious explanation; other than the
> reporter and the vendor, who else gets to see the submissions and
> under what circumstances?
>
> /mz
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists