Hey All, Couple of questions on reporting vulnerabilities:
1) Is there a damn template somewhere that can be used, as I'm pretty sure there was at one point, and I can't seem to find it? If so, could someone please let me know where this is located? 2) Is it worth sending something out like a cookie storing usernames and passwords in clear text for a major vendor's piece of software? 3) What's the correct procedure to go through reporting a vulnerability? If all of these questions can be answered with one simple link, can someone please paste it, as I really need to know this info soon. TIA xyberpix _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
