We ought to recognize that others may not understand how to respond to security ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

btipling on May 21, 2013 | parent | context | favorite | on: The Firing Offense

We ought to recognize that others may not understand how to respond to security vulnerability reports. We can use this knowledge to be a little bit more wise in our own behavior.

The best approach may be if you are unsure as to what the response will be when you feel like you need to disclose a security vulnerability is to do so anonymously.

josso on May 21, 2013 | [–]

Definitely anonymously and with a hash of a secret message to prove it was you, in case there'll be a bonus.

btipling on May 21, 2013 | | [–]

If they don't understand responsible disclosure I doubt they will understand hashing.

guard-of-terra on May 21, 2013 | | [–]

And preferably on Reddit.

kaoD on May 21, 2013 | [–]

Or keep it to yourself and wreak havoc.

sageikosa on May 21, 2013 | [–]

I'd suggest cheeky mischief over havoc.

pavel_lishin on May 21, 2013 | | [–]

Shenanigans.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact