Allow me to fix this for you:

> On 6 Mar 2018, at 20:04, filipe <filipe.xav...@tempest.com.br> wrote:
> =====[ Timeline of disclosure
> ]===============================================
> 01/24/2018 - Vendor was informed of the vulnerability.
> 01/29/2018 - Vendor did not respond.

01/25/2018 - We replied notifying you that we’ve opened a ticked with the 
relevant team
01/26/2018 - We asked for a working PoC
01/31/2018 - You replied with a theoretical “PoC” (no code, just a few steps 
which didn’t really help, sadly)
02/01/2018 - We replied asking for a script, a piece of code, a video, anything 
that backs up your claim since we didn’t reproduce it based on the steps you 
02/12/2018 - We notified you that we closed the ticket since you stopped 

> 01/24/2018 - CVE assigned [2]
> 03/06/2018 - Advisory publication date.

We take our bugbounty programs very seriously and other than some Nigerian 
princes and fake LinkedIn invites we reply to _all_ reports, valid, invalid or 
incredibly ridiculous alike. As such, you may imagine why, when we saw an 
advisory with our name saying “Vendor did not respond”, the team felt a bit 
disappointed for failing to reply for the first time in a few years. Thankfully 
this was not the case.

If you still believe this is a genuine issue, exploitable in real life and you 
have some evidence to back that up, let us know and we’ll gladly reopen the 

Alex “Jay” BALAN
Chief Security Researcher

Attachment: signature.asc
Description: Message signed with OpenPGP

Sent through the Full Disclosure mailing list
Web Archives & RSS: http://seclists.org/fulldisclosure/

Reply via email to