Hello,
Allow me to fix this for you:
> On 6 Mar 2018, at 20:04, filipe wrote:
>
> =[ Timeline of disclosure
> ]===
>
> 01/24/2018 - Vendor was informed of the vulnerability.
> 01/29/2018 - Vendor did not respond.
01/25/2018 - We replied notifying you that we’ve opened a ticked with the
relevant team
01/26/2018 - We asked for a working PoC
01/31/2018 - You replied with a theoretical “PoC” (no code, just a few steps
which didn’t really help, sadly)
02/01/2018 - We replied asking for a script, a piece of code, a video, anything
that backs up your claim since we didn’t reproduce it based on the steps you
provided.
02/12/2018 - We notified you that we closed the ticket since you stopped
replying
> 01/24/2018 - CVE assigned [2]
> 03/06/2018 - Advisory publication date.
We take our bugbounty programs very seriously and other than some Nigerian
princes and fake LinkedIn invites we reply to _all_ reports, valid, invalid or
incredibly ridiculous alike. As such, you may imagine why, when we saw an
advisory with our name saying “Vendor did not respond”, the team felt a bit
disappointed for failing to reply for the first time in a few years. Thankfully
this was not the case.
If you still believe this is a genuine issue, exploitable in real life and you
have some evidence to back that up, let us know and we’ll gladly reopen the
ticket.
Cheers,
—
Alex “Jay” BALAN
Chief Security Researcher
Bitdefender
signature.asc
Description: Message signed with OpenPGP
___
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/